
Safeguarding our members’ and providers’ data is fundamental to everything we do.

Trust Center  

We follow a security-first mindset—from design through deployment—to ensure our platforms and operations meet the highest standards in privacy, security, compliance, and availability. Explore how we protect your trust through rigorous controls, industry certifications, and a culture of accountability.


HIPAA & HITECH Compliance

We meet and exceed the administrative, technical, and physical safeguards required under HIPAA's Security Rule. 


Security Awareness & Training

All Foremost workforce members receive regular training on secure practices, phishing detection, and data handling procedures.


System Availability & Reliability 

We design our infrastructure to be resilient, scalable, and highly available, meeting the demands of our customers nationwide. 

Cloud-Native Architecture:

Built with scalability and fault tolerance in mind, leveraging top-tier Cloud Service Providers (CSPs). 

99.9% Uptime Commitment:

We meet strict Service Level Agreements (SLAs) to ensure business continuity.

Geo-Redundant Data Centers: 

Our systems operate across multiple secure, geographically dispersed data centers to ensure failover, resilience, and low latency. 


Data Security 
 

We implement robust technical safeguards to protect sensitive data throughout its lifecycle: 

AES-256 Encryption: 

All data is encrypted at rest and in transit using FIPS 140-2 validated cryptographic modules. 

Automated Backups: 

Regular and tested backups ensure rapid recovery in case of system disruptions. 

Data Erasure Options: 

We empower customers with the ability to request secure data deletion in compliance with HIPAA and privacy regulations.

Third-Party Risk Reviews: 

Continuous assessments of external systems ensure data remains protected throughout our ecosystem. 


Identity & Access Management (IAM) 

Access to Foremost systems and data is tightly controlled using modern identity practices: 

Least Privilege Enforcement: 

Users only receive access essential to their roles. 

Multi-Factor Authentication (MFA): 

Required for all internal systems handling PHI or other sensitive data. 

Single Sign-On (SSO): 

Enhances user convenience while enforcing central policy controls. 

Comprehensive Access Logging: 

All administrative and user activity is logged and regularly reviewed. 


Application Security 
 

Security is embedded into our Software Development Life Cycle (SDLC) from day one: 

Secure Coding Practices: 

Developers follow OWASP-aligned practices and undergo security training. 

Continuous Code Analysis & Scanning:

We use automated tools to detect vulnerabilities and secrets exposure in real time. 

Pre-Deployment Reviews:

All applications undergo formal security assessments prior to production rollout. 


Secure by Design 

Security is not an afterthought—it is a foundational principle at Liberty: 

Shift-Left Security: 

Security requirements are incorporated early in the design and development process. 

Architecture Reviews: 

All major technical changes undergo formal review by the Information Security team. 

Security Automation: 

We continuously invest in automation to reduce human error and accelerate secure development. 


Vendor Security & Supply Chain Risk 

We take a zero-trust approach with third-party partners: 

Formal Vendor Security Reviews 

Risk-Based Tiering and Monitoring 

Contractual Security and Privacy Addendums 

 

We ensure vendors maintain equivalent security postures to Liberty, reducing the risk of data breaches and third-party vulnerabilities. 


Encryption & Certificates

TLS with 256-bit Encryption: 

All communications are encrypted using DigiCert-issued TLS certificates, providing secure connections that meet or exceed FIPS 140-2 Level 3 standards. 


Cyber Hygiene 

Our public-facing systems are continuously scanned for vulnerabilities. 

Vulnerability scanning of public IP assets 

External exposure assessments to reduce attack surface

Certifications & External Validations


HIPAA & HITECH

Foremost Legal Services leverages HIPAA-eligible services within Amazon Web Services (AWS) to meet the strict requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act. This ensures the protection of Protected Health Information (PHI) across all hosted solutions, reinforcing our commitment to privacy and regulatory compliance.


HITRUST CSF Certified

Foremost inherits HITRUST CSF certification by utilizing only AWS HITRUST-certified services and aligning with the HITRUST Shared Responsibility Matrix. This approach allows us to apply robust, industry-recognized security controls without duplicating testing, reducing time and cost while maintaining the highest standards of trust, security, and compliance.


SOC 1 & SOC 2 Type II

AWS has achieved SOC 1 and SOC 2 Type II certifications through independent audits of its infrastructure. By building on this secure foundation, Foremost Legal Services ensures strong internal controls for security, availability, confidentiality, and financial reporting—validated through internationally recognized standards.


Your Trust, Our Commitment 

Trust is the foundation of everything we do at Foremost Legal Services—from safeguarding sensitive medical records to ensuring the highest standards of data security.

Our integrated privacy, security, and compliance programs work in tandem to protect what matters most: our members, providers, and partners. 
