Security

Learn more about Corsano’s ongoing journey with the cloud and our innovative use of security offerings to reduce risks and improve the privacy of information. Here’s an overview of how we have built security at Corsano:

Proactive Security
We believe in taking a proactive stance on securing our systems and applications. We follow industry best practices, as well as our customers’ recommendations, to harden our systems. When it comes to our application, our developers follow industry best practices during the software development lifecycle, including the OWASP (Open Web Application Security Project) Top 10 and relevant technology-specific guidelines. We rigorously test our code both before and after deployment to production. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.

Data Center Security
Corsano stores all production data in physically secure data centers. We own and maintain the backend infrastructure where customer data is stored. We use data centers in various geographic locations for continuity and regulatory purposes; these are Tier III/Tier III+ and ISO 27001 certified. Our data centers follow common security practices, including closed-circuit video monitoring and 24/7 manned guards, and require biometric access controls for entry to our locked cages.

Data Security
Our customers’ data – and the security of that data – is of utmost importance to us, which is why we provide our customers with complete control over their data. Connections to our servers are encrypted using TLS. We employ multiple layers of network devices and intrusion detection to protect our external attack surface. Our security architecture ensures segregation of customer data.

Continuous Monitoring
We utilize both internal and external services to perform continuous scanning and monitoring of our network and application. We also conduct regular vulnerability scans, risk assessments and penetration tests.

Compliance
We strive to be industry leaders in regulatory requirements and compliance. Our processes and controls are regularly audited by internal and external parties, including customers and independent assessors. Our data centers are Tier III/Tier III+ and/or ISO 27001 certified. We have also successfully undergone audits and are compliant with the General Data Protection Regulation (GDPR).

Located in Europe and NSA non-compatible
Europe is internationally recognised for data protection. Corsano Health B.V. is a neutral, independent company incorporated in The Netherlands. Dutch law concerning data protection ensures complete confidentiality both for businesses and for individuals, and no government can have access to personal information without the agreement of a judge.

General Data Protection Regulation (GDPR) Compliance
Corsano is passionate about ensuring that our clients are able to comply with data privacy regulations, including the European Union’s GDPR, which goes into effect in May 2018. We provide our clients with enterprise-grade controls to manage, govern access to, and ensure the security of personal data housed in Corsano Cloud. As required by GDPR, Corsano allows our clients to correct, export, or permanently delete personal information. Corsano also purges personal data from internal processing systems to minimize the data we retain, per GDPR Article 5. Please visit our GDPR page to find out more about how Corsano is setting the bar for customer personal data protection.

To report an incident, concern, or for general security questions, please email privacy@corsano.com