At MyClinic365 security and data privacy are taken very seriously. We have implemented architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.
We have built an architecture that protects data and systems, controls access, and responds automatically to security events. We have done this by using a number of design principles that ensures the most secure platform possible.
Implement a strong Identity foundation: We operate on a principle of least privilege and enforce separation of duties where appropriate. We centralised privilege management and have tried to reduce where appropriate our reliance on long term credentials.
Enable traceability: We monitor, alert, and audit changes to our environment in real time. Our system integrates these logs and metrics with systems to automatically respond and take action.
Apply Security at all layers: Rather than just focussing on protection at a single outer layer we apply a defence in-depth approach with other security controls. This applies to all aspects of our platform.
Automate Security Best Practices: We have fully automated our security practices which allows us to securely scale more rapidly and cost effectively. We have created secure architectures which include the implementation of controls that we define and manage as code.
Protect Data at Rest and in Transit: We have classification and tagging policies as part of our security policies that allows us to define the level of security required. Data classification provides a way for us to categorize organizational data based on levels of sensitivity, and encryption protects data by way of rendering it unintelligible to unauthorized access. At a very minimum all data in transit and at rest is encrypted.
Keep people away from data: We have created mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This significantly reduces the risk of loss or modification and human error when handling sensitive data.
Prepare for Security Events: We have a robust incident management process in place. We run incident response simulations and use tools with automation to increase our speed for detection, investigation, and recovery.