SAN FRANCISCO, June 28, 2019 /PRNewswire/ -- Castlight Health, Inc. (NYSE: CSLT) today announced that it has earned two HITRUST certifications for information security. This achievement places Castlight in an elite group of organizations worldwide that have met key regulations and industry-defined requirements and are appropriately managing their risk.

The certifications are "HITRUST CSF® Certified" and "HITRUST Certification of the NIST Cybersecurity Framework." HITRUST CSF Certified status demonstrates that Castlight has met key regulatory and industry-defined requirements, including those of the Health Insurance Portability and Accountability Act (HIPAA), the International Standards Organization (ISO), the National Institute of Standards and Technology (NIST) and Control Objectives for Information and Related Technologies (COBIT), as well as state-specific regulations. HITRUST Certification of the NIST Cybersecurity Framework ensures that Castlight is meeting the highest standard on how to prevent, detect, and respond to cyber-attacks.

"Data is the foundation of Castlight's health navigation platform, so data security is a top priority. We are pleased to have received these certifications, confirming Castlight meets the high standards of HITRUST in the security of both enterprise and individual data management," said Maeve O'Meara, executive vice president of product and customer experience at Castlight Health. "Our customers and their employees can be confident in our ability to deliver engaging, personalized health navigation while protecting their information."

"HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment. By taking the steps necessary to obtain HITRUST CSF Certified status, Castlight is distinguished as an organization that people can count on to keep their information safe," said Ken Vander Wal, Chief Compliance Officer, HITRUST.

Receiving HITRUST CSF Certification and HITRUST Certification of the NIST Cybersecurity Framework supplements Castlight's existing privacy and security protections and certifications. In addition to its HITRUST CSF Certified status, Castlight has completed SOC 2® reporting, which ensures service providers securely manage data. Castlight operates in compliance with relevant privacy laws, including HIPAA standards and the General Data Protection Regulation, the European Union law on data protection and privacy. Castlight takes its commitment to exceeding customer expectations of information protection seriously, and is continuously updating these safeguards and seeking new ways to ensure the highest level of data security.

