HITRUST CSF Certification The Health Information Trust (HITRUST) Alliance is an independent testing organization that issues the Certified Security Framework (CSF) certification to vendors who successfully pass their rigorous security evaluation. The Relias Population Health Platform has earned Certified status for information security by HITRUST. HITRUST CSF Certified status demonstrates that Relias’ Population Health Platform has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Relias in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. HITRUST CSF Certification validates Relias’ commitment to meeting key regulations and protecting sensitive information. SOC 2 Attestation The Service Organization Control 2 (SOC 2) Type 2 Attestation Report attests that the Relias Platform has met key regulations and industry defined requirements for compliance security. Relias’ successful completion of the SOC 2 applies to all of Relias’ learning management solutions and analytics services holding any Personally Identifiable Information or Personal Health Information (PII and PHI), as well as business processes services, the platform environment, and the directly related supporting Information Technology General Computing Controls (ITGCC) system. The successfully completed attestation report required a thorough examination of Relias’ operating computing environment conducted by the independent auditing firm NDNB Assurance LLP. The SOC 2 validates Relias’ commitment to meeting key regulations and protecting sensitive information. About NDNB NDNB is a Certified Public Accounting (CPA) firm and a nationally recognized thought leader of internal control examinations, specializing in SOC Framework Attestation reports, I.T. audits, and other regulatory compliance assurance needs for organizations across the world. NDNB’s professional personnel have years of experience in their select chosen fields of work, possessing a sound working knowledge, interpretation and solid understanding of all relevant regulatory compliance issues and mandates currently affecting clients. For more information visit socreports.com. VPAT Compliance A Voluntary Product Accessibility Template (VPAT) is a standard document that vendors, like Relias, use to describe how well their product conforms to accessibility standards. A VPAT provides our customers with an open and transparent assessment of how well our product conforms to accessibility standards. To create the Relias VPAT, we conducted an accessibility audit and documented how well the content performs against each success criterion. Relias conforms to Section 508/WCAG 2.0 A accessibility standards with all new content developed and released on or after May 1st, 2020. Courses in the Relias Libraries released before May 1, 2020 also have been enabled for accessibility. This VPAT validates Relias’ commitment to the ongoing development of Relias Content as an engaging and inclusive product offering Standard accessibility guidelines For web applications, US Federal agencies adhere to Section 508, which also encompasses Web Content Accessibility Guidelines WCAG 2.0 A. The W3C develops WCAG and defines the functional requirements for web content to be considered accessible.