Security Policy
Security is one of PacSana's primary concerns. Measures include:
- All applications and customer data are stored on Microsoft Azure IoT cloud, which is HIPAA compliant and HITRUST certified (further details at https://azure.microsoft.com/en-us/overview/iot/industry/healthcare/).
- Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required.
- Our software development processes follow Secure by Design best practices (further details at https://en.wikipedia.org/wiki/Secure_by_design).
- All Personally Identifiable Data is encrypted in transit and at rest.
- State-of-the-art physical security is in place at all Microsoft Data Centres to control access (further details at https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security)
- Penetration testing is performed annually by a respected 3rd party to test the PacSana infrastructure and highlight any vulnerabilities.
Several measures are in place to ensure our platform is hosted in a robust and secure manner:
- Our platform is fully deployed on AWS Cloud which is certified to ISO 27001, ISO 27017 and ISO 27018 (more details can be seen here https://aws.amazon.com/security/)
- A custom-developed Security and Navigation Framework covers authentication, authorisation, entity-level security and zone access within the application.
- Applications are hosted in secure server environments which are hardened according to industry standard benchmark requirements.
- Network access is controlled through the use of firewalls and other industry standard technology to prevent interference or access from outside intruders.
- All information is transferred over secure encrypted channels only.
- PacSana utilises a 3rd party security company to perform penetration tests on both their infrastructure and applications every quarter.
- PacSana’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
- PacSana implements access controls based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities.
Strictly subject to Client permission on a per incident basis, PacSana support staff may access the Client account for the sole purpose of assisting the Client with resolving a support issue. All PacSana staff are subject to contractual obligations of confidentiality and undertake regular training.
Reporting a Security Vulnerability:
If you believe that you have found a vulnerability with our platform and wish to report this to us, please email support@pacsana.com with evidence of the vulnerability and steps on how to reproduce it.