Sensitive information about patients is shared in the Zaurus communication platform. For this reason, Zaurus has taken measures to properly arrange information security and thus ensure reliable and secure services.


Zaurus's information security policy is based on recognized information security standards. Zaurus is ISO 27001:2013 and NEN 7510:2017 certified. In addition, Zaurus asks its IT cooperation partners to take at least comparable measures.


The information security standards mentioned contain many measures that companies must take to guarantee the security of information. These range from general measures (such as drawing up an organization-wide information security policy, dissemination of knowledge among personnel and personnel screening) to technical measures (such as obligations with regard to passwords, encryption of information and making backups).

Every year, Zaurus is tested by an independent internal and external auditor for compliance with ISO 27001:2013 and NEN 7510:2017. This means that information security is embedded in our daily way of working and is very important to us.


For some Zaurus clients, the Zaurus communication platform is of crucial importance in healthcare delivery and operations. That is why Zaurus has an extensive policy in the field of privacy and information security. With this, Zaurus complies with the General Data Protection Regulation (GDPR) and ensures a reliable and secure service. All measures contribute to the three pillars of information security: confidentiality, integrity and availability.

 

  • Confidentiality: The data is only accessible to authorized persons.
  • Integrity: The data is protected against accidental and unwanted changes.
  • Availability: The data is available when it is needed.

 

All messages are sent over an SSL-encrypted connection. This means that it is not possible for third parties to intercept these messages. In addition, messages are stored in the database encrypted with the strongest encryption keys. We also use firewalls, intrusion detection systems and intrusion prevention systems. In addition, we make it possible for the user to take additional security measures himself. For example, the mobile applications for Android and iOS can be secured with a PIN code, which the user can set himself. The user also has the option to use two-factor authentication, which adds an extra layer of security to the login process.

Zaurus will never hand over data to third parties, except at the initiative of the user himself (by setting an authorization for external software, such as Zapier). In this case, the user will be notified in advance of what data will be shared with Zapier and will be asked if they agree to this. These permissions can be revoked or discontinued at any time.

 

If you would like to know more about this subject or are curious about what specific measures we have taken, please contact our Chief Information Security Officer at michelle@zaurus.nl.