Secure, Cloud-based System
We take the security of our clients’ data very seriously. Our fully encrypted cloud-based service, which means you can be confident your data is fully protected 24/7.
Your data remains encrypted in all of our backups, and that applies to both uploaded documents as well as text entered in to the system.
Above all, your data remains your data – ready to export from the system at any time.
Online banking-grade security
Amazon Web Services infrastructure
Fully managed hardware
Fully managed backups
Connection Security
Whenever you connect to the CarePlanner system via a web browser, your connection is made securely using the same encryption standards used in online banking (SSL/TLS using SHA 256-bit keys). This makes it almost impossible for anyone to eavesdrop on your connection whilst you are using, sending data to, or retrieving data from CarePlanner.
When you first start to use CarePlanner, the system asks you to set passwords that contain at least one uppercase character and at least two non-letter symbols. You can choose to reduce or increase this security requirement, but our recommendation is always to leave it set at this level as a minimum. This will ensure that your staff passwords are not vulnerable to most dictionary-based, brute-force hacking attempts.
In addition, the CarePlanner system automatically blocks access when it detects several incorrect login attempts. This also reduces the effectiveness of brute-force attacks.
Infrastructure Security
CarePlanner uses a distributed infrastructure that does not have a single point of failure. Every one of our servers and backup facilities is located within the European Union.
Our main servers are located in Dublin, Ireland in a highly-secure data centre run by Amazon Web Services Inc.
Backups and Encryption
All changes made on a CarePlanner system are instantly replicated between multiple databases, and, as such, point-in-time recovery is possible. This means that, in event of a serious system or user error, your database can be ‘rolled back’ to a point in time specified in minutes and seconds.
Once a day, the data in your system’s database and any uploaded documents are encrypted using AES 256-bit encryption and transferred to a secure storage service (within the European Union).
All sensitive staff and service user data – such as names, address, National Insurance numbers etc. – are stored in an encrypted format (again, using a 256-bit algorithm) in any backup of the database. This means that anyone who somehow managed to obtain a copy of your database would have no access to such information.
Data Protection
We take the security and protection of your data extremely seriously at CarePlanner, and have taken various steps to ensure this. We have a two-step system to gain access to any customer data that involves the use of secure One Time Password (OTP) devices, identical to those used by some online banking systems.
We also are registered with the Information Commissioner’s Office (ICO), registration number ZA301465.
Data Retention
Encrypted, instant-access system backups are retained for 14 days, after which they are archived for five months.
In the event of a customer leaving the platform, data is retained in line with our data retention schedule, unless otherwise requested by the customer.
The data at all times remains the customer’s possession, although most information is readily available in spreadsheet format via the reports section.