DR Care Solutions Data Security Policy

© Danielle Robertson Consulting Pty Ltd t/as DR Care Solutions | Data Security Policy Last Updated: September 2020


Enterprise-Grade Security

Backups are stored securely and encrypted in Azure GRS storage, and only Danielle Robertson Pty Ltd t/as DR Care Solutions ("DR Care Solutions") has access to client data.


Strong Encryption

Data at rest is encrypted with enterprise-grade AES (Advanced Encryption Standard) 256-bit encryption, with separate keys for each user. In transit, it is protected end-to-end with TLS (Transport Layer Security) using keys of at least 128 bits. TLS is enabled by default on the DR Care Solutions cloud CRM and Websites.


Hosted in Microsoft Azure

Backups are stored in Microsoft's secure Azure cloud. Microsoft works hard to provide customers the best security and protection for their data, and security is built right into their Azure platform.


Compliance

Skyvia is compliant with the European Union's General Data Protection Regulation (GDPR). It complies with HIPAA (Health Insurance Portability and Accountability Act of 1996 - USA) requirements for Protected Health Information (PHI) and is PCI DSS-compliant.

  • In-Transit Encryption -
    Sessions between DR Care Solutions and the portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.

  • Web Application and Network Firewalls -
    Both the DR Care Solutions CRM and Websites are monitored for potential attacks with several tools, including a web application firewall and network-level firewalling. In addition, the CRM and Website platform contains Distributed Denial of Service (DDoS) prevention defences.

  • Software Development Lifecycle (SDLC) Security -
    The DR Care Solutions CRM and Website implement static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.

 

Data Centre Protections

 

Physical Security

The DR Care Solutions CRM and Website are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

 

Software Security

  • Patch Management -
    The DR Care Solutions CRM and Website patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

  • Security Incident Response -
    The DR Care Solutions CRM and Website security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time. 

 

Vulnerability & Certifications

  • Vulnerability Assessment -
    Via the secure HubSpot CRM infrastructure, the DR Care Solutions CRM and Website are tested for potential vulnerabilities on a recurring basis, including static code analysis and infrastructure vulnerability scans.

  • External Audit & Certification -
    Via the secure HubSpot CRM infrastructure, the DR Care Solutions CRM and Website maintain their TRUSTe Certification for Enterprise Privacy. HubSpot infrastructure providers maintain ISO 27001, SOC 2 Type II and many other certifications, including the Amazon Web Services (AWS) Compliance Programs and Google Compliance Offerings.

Certification logos (images not reproduced): TRUSTe Certificate; AWS Compliance Programs; Google Compliance Offerings.


Definitions

 

  • Microsoft Azure GRS - 
    Geo-redundant storage (GRS) copies data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.

 

  • AES (Advanced Encryption Standard) - 
    A symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection.

 

  • TLS (Transport Layer Security) - 
    Cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging and voice over IP (VoIP).

 

  • Skyvia - 
    An all-in-one cloud data platform for no-coding data integration, cloud-to-cloud backup, management via SQL and data access via an OData interface.

 

  • GDPR (General Data Protection Regulation) - 
    The GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

 

  • HIPAA (Health Insurance Portability and Accountability Act of 1996) - 
    A USA federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

 

  • PHI (Protected Health Information) - 
    Includes all individually identifiable health information including demographic data, medical histories, test results, insurance information, and other information used to identify a patient or provide healthcare services or healthcare coverage.

 

  • PCI DSS (Payment Card Industry Data Security Standard) -
    An information security standard for organisations that handle payment card data. Compliance means consistently adhering to the set of requirements set forth by the PCI Security Standards Council.

 

  • DDoS (Distributed Denial-of-Service) - 
    A malicious attack or attempt to disrupt normal traffic to a web property.

 

  • SOC 2 Type II (Service Organisation Control 2) - 
    Pronounced "sock two" and more formally known as Service Organisation Control 2. A SOC 2 report covers an organisation's controls related to security, availability, processing integrity, confidentiality or privacy.

 

  • ISO 27001 - 
    An international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organisations make the information assets they hold more secure.

Complaints

You have a right to complain about our handling of your data. You can make complaints about our handling of your data to our Data Security Officer:

The Data Security Officer:
DR Care Solutions
3408 / 1 Sergeants Land, St Leonards, NSW 2065
Telephone: 0418 737 357

 

Privacy Policy

DR Care Solutions takes seriously the protection of the personal information of our clients, care providers and any other persons with whom we deal. For more information on our Privacy Policy, please head here: DR Care Solutions Privacy Policy.



NB: We may, from time to time, review and amend this Data Security Policy to take into account new laws, technology or changes to our operations. We encourage you to periodically review our Data Security Policy for any changes.