Security
CVISOR is based on the trusted Zoho Creator platform, a division of Zoho Corporation. The company provides end-to-end encryption, built-in privacy controls, and protection from security threats. For full information about the security provided by Zoho Creator, please click here.
The essential relevant security features are:
- The data is stored on secure AWS (Amazon Web Services) servers in the UK and Europe. CVISOR data is stored securely and separately from others’ data.
- The underlying registry software adheres to secure coding guidelines, including screening of code changes for potential security issues and a security framework based on OWASP standards.
- All data is strongly encrypted in transit using Transport Layer Security (TLS 1.2/1.3) with strong ciphers for all connections, including web access. All connections to browsers have HTTPS enabled.
- All data is encrypted at rest using 256-bit Advanced Encryption Standard (AES).
- Access to data will be restricted to users based on their role in the hospital/imaging facility, using strong passwords and multi-factor authentication. Patient identifiable information will not be accessible to anyone else in CVISOR or at Zoho.
- Using audit trails, the local and main data administrators can track and monitor user activity and protect your data against any security violations.
- All data is backed up regularly using 256-bit encryption. If you terminate your participation/subscription, your data will be deleted in due course unless you provide permission to retain data for research purposes.
- The Zoho Creator platform complies with the following international certifications:
  - ISO/IEC 27001 – the most widely recognised independent international security standard.
  - ISO/IEC 27701 – a standard for privacy management that complements and extends the above standard.
  - ISO/IEC 27017 – a standard for information security controls applicable to the provision and use of cloud services.
  - ISO/IEC 27018 – establishes control objectives, controls, and guidelines for implementing measures to safeguard personally identifiable information (PII).
  - GDPR (General Data Protection Regulation) – a pan-European regulation requiring businesses to protect the personal data and privacy of EU citizens when processing their personal data. All personally identifiable information, such as patient names and emails, is encrypted while in transit and in storage.