Security
We are committed to providing secure and reliable software product that meet the highest standards of security and compliance. As a software company, we understand the importance of protecting your data and ensuring the confidentiality, integrity, and availability of your information assets.
To this end, we have implemented a comprehensive Information Security Management System (ISMS). Our ISMS is designed to identify and assess risks to our systems and data, and to implement appropriate controls to mitigate those risks.
Some of the key measures we have taken to provide maximum security include:
Risk assessments
Regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities.
Access controls
Implementation of strict access controls, including role-based access, password policies, and two-factor authentication. All accesses to important internal systems are logged and constantly monitored. Role-based access control (RBAC) model is incorporated under single Medentee domain utilizing Google-supplied technology.
Data encryption
Use of encryption for data in transit and at rest, including SSL/TLS, AES, and RSA encryption protocols.
Internal training
Regular security awareness internal training for all employees to promote a culture of security and compliance.
Recovery procedures
Prompt incident response and disaster recovery procedures in case of any security incidents.
Constant monitoring
Penetration testing conducted by proficient third-parties.
Secure enviroment
The Medentee infrastructure is situated in a completely secure and redundant environment, with limited access exclusively available to limited production infrastructure SysOps staff. This arrangement enables us to take advantage of complete segregation of data and access, firewall protection, and other advanced security features.
Physical security
All customer data is hosted by Amazon Web Services (AWS) which itself hosts has numerous security certifications and ensures the physical security of that data.
As part of our commitment to maximum healthcare data security, we are pleased to announce that we will be undergoing rigorous regulatory checks for ISO 27001, NHS DSPT and CyberEssentials compliance in the coming year.
These certifications are internationally recognized and will demonstrate our dedication to protecting our customers' data and information. We look forward to completing these important assessments and continuing to uphold our security standards.