Data Security Policy

Updated: December 2021


© Danielle Robertson Consulting Pty Ltd t/as DR Care Solutions


Contents:

  1. Overview

  2. Enterprise-Grade Security

    • Strong Encryption

    • Hosted in Microsoft Azure

    • Compliance

  3. Data Centre Protections

    • Physical Security

  4. Software Security

  5. Vulnerability & Certifications

  6. Complaints Handling

  7. Other Policy Information

  8. Definitions

    • Microsoft Azure GRS

    • Advanced Encryption Standard (AES)

    • TLS (Transport Layer Security)

    • Skyvia

    • General Data Protection Regulation (GDPR)

    • Health Insurance Portability & Accountability Act 1996 (USA) (HIPAA)

    • Protected Health Information (PHI)

    • Payment Card Industry Data Security Standard (PCI DSS)

    • Distributed Denial-of-Service (DDoS)

    • Service Organisation Control 2 (SOC 2 Type II)

    • ISO 27001 (IT Security Management Systems)


Overview

In holding client information, DR Care Solutions takes all reasonable steps to ensure that the information is securely kept on its IT infrastructure. Outlined below are the measures we take to keep all data secure.


Enterprise-Grade Security

Backups are stored securely and encrypted in Azure GRS storage, and only Danielle Robertson Pty Ltd t/as DR Care Solutions ("DR Care Solutions") has access to client data.

Strong Encryption

Data at rest is encrypted with enterprise-grade AES 256-bit encryption, with separate keys for each user. In transit, it is protected with end-to-end TLS encryption using keys of at least 128 bits. TLS is enabled by default on the DR Care Solutions cloud CRM and website.

Hosted In Microsoft Azure

Backups are stored in Microsoft's secure Azure cloud. Microsoft works hard to provide customers the best security and protection for their data, and security is built right into their Azure platform.

Compliance

Skyvia is our cloud platform. It is compliant with the European Union's GDPR and the United States' HIPAA requirements for protected health information and is PCI DSS-compliant.

  • In-Transit Encryption -

    Sessions between DR Care Solutions and the cloud portal are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.

  • Web Application and Network Firewalls -

    Both the DR Care Solutions CRM and website are monitored for potential attacks with several tools, including a web application firewall and network-level firewall. In addition, the CRM and website platform contains DDoS prevention defences.

  • Software Development Lifecycle (SDLC) Security -

    The DR Care Solutions CRM and website implement static code analysis tools and human review processes in order to ensure consistent quality in our software development practices.



Data Centre Protections

Physical Security

The DR Care Solutions CRM and website are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.



Software Security

  • Patch Management -

    The DR Care Solutions CRM and website patch management process identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.

  • Security Incident Response -

    The DR Care Solutions CRM and website security incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises, and refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.



Vulnerability & Certifications

  • Vulnerability Assessment -

    Via the secure HubSpot CRM infrastructure, the DR Care Solutions CRM and website are tested for potential vulnerabilities on a recurring basis, including static code analysis and infrastructure vulnerability scans.

  • External Audit & Certification -

    Via the secure HubSpot CRM infrastructure, the DR Care Solutions CRM and website maintain their TRUSTe Certification for Enterprise Privacy. HubSpot's infrastructure providers maintain ISO 27001, SOC 2 Type II and many other certifications, including the Amazon Web Services (AWS) Compliance Programs and Google Compliance offerings.



Definitions

  • Microsoft Azure GRS - 

    Geo-redundant storage (GRS) copies data synchronously three times within a single physical location in the primary region using locally redundant storage (LRS). It then copies your data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region.

  • Advanced Encryption Standard (AES) - 

    The standard is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data. It is essential for government computer security, cybersecurity and electronic data protection.

  • Transport Layer Security (TLS) - 

    TLS is a family of cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocol are in widespread use in applications such as web browsing, email, instant messaging and voice over IP (VoIP).

  • Skyvia - 

    This all-in-one cloud data platform provides no-code data integration, cloud-to-cloud backup, management via SQL, and data access via an OData interface.

  • General Data Protection Regulation (GDPR) - 

    The GDPR is a regulation in EU law on data protection and privacy in the EU and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

  • Health Insurance Portability and Accountability Act 1996 (HIPAA) - 

    This US federal law requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

  • Protected Health Information (PHI) - 

    Such information includes all individually identifiable health information including demographic data, medical histories, test results, insurance information, and other information used to identify a patient or provide healthcare services or healthcare coverage.

  • Payment Card Industry Data Security Standard (PCI DSS) -

    This is an information security standard for organisations that handle payment card data. It requires consistent adherence to a set of requirements set forth by the PCI Security Standards Council.

  • Distributed Denial-of-Service (DDoS) - 

    This is a malicious attack or attempt to disrupt normal traffic to a web property.

  • Service Organisation Control 2 (SOC 2 Type II) - 

    Pronounced "sock two" and more formally known as Service Organisation Control 2, this audit report covers the operating effectiveness of an organisation's controls relating to security, availability, processing integrity, confidentiality and privacy over a period of time.

  • ISO 27001 - 

    This is the international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organisations make the information assets they hold more secure.



Complaints Handling

You have the right to complain about our handling of your data. If you wish to make a complaint about our handling of your data, please write to our Privacy & Data Security Officer at the address below:

The Privacy & Data Security Officer:
DR Care Solutions
3408 / 1 Sergeants Lane
St Leonards NSW 2065

Email: danielle@drcaresolutions.com.au 

Telephone: 1800 372 273




Nota Bene

From time to time, DR Care Solutions may review and amend this Data Security Policy to account for new laws, technology or changes to our operations. We encourage you to periodically review our Data Security Policy for any changes. 
