Security

ISO27001

MedBrief is ISO27001 compliant. Internet access is heavily restricted: staff workstations are either completely offline or able to access only websites on MedBrief's approved site list.

MedBrief Systems

Physical Security

All MedBrief Secure Review™ servers reside within a Tier 4 datacentre located within the United Kingdom. Access to the datacentre must be pre-booked and is restricted to registered individuals. Biometric access control is present on all primary and secondary entry points.

Logical Security

All server data sits behind a SonicWall firewall and is encrypted during transmission. Our applications are subject to regular penetration tests by independent third-party information security consultants.

Medical Records Office

Physical Security

MedBrief's offices are located within a secure building. Access to the building is personal-device controlled. The office is sited within an enhanced security area with biometric access control restricted to a small number of essential staff. All paper waste is shredded on-site. All medical records data not hosted within MedBrief Secure Review™ is stored on servers within our office on a fully segregated network. The servers are located in a secure room with biometric access, a steel door and reinforced ceiling.

Logical Security

The entire Medical Records operation is contained within an isolated network with dedicated printing and scanning facilities. There is a point-to-point connection between the office and the data centre. Data stored within the office sits inside a dedicated network share, and access to it is strictly limited to those employees who require it.

MedBrief Secure Review

MedBrief Secure Review comprises a number of relational database tables which facilitate granular-level control over users, matters and data. The code has been written according to strict principles guided by the OWASP Community.