Security


ISO27001, ISO9001, CYBER ESSENTIALS PLUS AND CYBER SECURITY TRAINING

MedBrief is ISO27001, ISO9001 and Cyber Essentials Plus certified. No other organisation in the industry has a comparable profile with respect to independently audited security measures. Our Information Security Forum runs internal and third party cyber security training campaigns 52 weeks of the year ensuring that our staff understand how important your client’s data is.

 

MEDBRIEF SYSTEMS

PHYSICAL SECURITY

All MedBrief Secure Review™ servers reside within a Tier 3+ data centre located within the United Kingdom. Access to the data centre must be pre-booked and is restricted to registered individuals. Biometric access control is present on all primary and secondary entry points.

LOGICAL SECURITY

All server data sits behind redundant SonicWall firewalls and is encrypted during transmission. Our applications are subject to regular penetration tests, both internally and by independent third party information security consultants.

 

MEDICAL RECORDS OFFICE

PHYSICAL SECURITY

MedBrief's offices are located within a secure building. Access to the building is personal-device controlled. T All paper waste is shredded on-site. All medical records data not hosted within MedBrief Secure Review™ is stored on servers within our office on a fully segregated network. MedBrief does not transfer physical records to any of its staff outside of the building or working remotely.

LOGICAL SECURITY

The entire Medical Records operation is contained within an isolated network with dedicated printing and scanning facilities. Access to data stored within the office is strictly controlled to only those employees who require it and sits inside a dedicated network share.

 

MEDBRIEF SECURE REVIEW™

MedBrief Secure Review™ is a number of relational database tables which facilitate granular level control over users, matters and data. The code has been written according to strict principles guided by the OWASP Community.