Security & Compliance
Keeping Data Safe & Patients Healthy
LAST UPDATED: MAY 9th, 2019
PathCloud Ltd is a ‘data processor’ for the purposes of data protection legislation. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
PathCloud’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at our data centers include 24x7 monitoring. The personal data that we collect from you will only be stored and processed by us within the United Kingdom.
GDPR & Compliance
PathCloud is committed to maintaining the trust and confidence of the users of our service. We respect their rights and are committed to protecting your privacy in accordance with data protection regulation and GDPR at all times. PathCloud Ltd is a ‘data processor’ for the purposes of data protection legislation and has appointed a data protection officer (DPO).
The General Data Protection Regulation (GDPR) became enforceable on 25 May 2018. The GDPR was designed to unify data confidentiality laws across all European countries, to protect individuals' privacy, and to offer better approaches to gathering, handling, and analyzing private data.
Access to PathCloud’s technology resources is only permitted through secure connectivity (e.g. SSL) and requires multi-factor authentication. Our password policy requires complexity, expiration, and lockout and disallows reuse.
PathCloud conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, PathCloud communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Vulnerability Management and Penetration Tests
PathCloud maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third-party vendors. Critical patches are applied to servers on a priority basis; all other patches are applied as appropriate.
We also conduct regular penetration tests and remediate any findings according to severity.
Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if PathCloud learns of a security breach, we will notify affected users so that they can take appropriate protective steps.
Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.