Data Security Measures

Our commitment to safeguarding healthcare and business data.

Secure Software Development Lifecycle

SARU TECH has implemented a comprehensive Data Protection Impact Assessment (DPIA) to ensure compliance with GDPR, HIPAA, and local data protection laws while safeguarding patient and business data. Below are the key actions taken:

1. Data Segmentation & Access Control

  • Separate Database for Each Client: Each client operates on an isolated database, ensuring data separation, security, and privacy between different organizations.
  • User Roles & Permissions: Granular access control restricts sensitive patient and financial data from unauthorized staff based on job roles.
  • Option to Restrict Access by IP Address / Devices: Clients can restrict system access to specific computers or networks, minimizing unauthorized external access.

2. Security & Vulnerability Testing

  • Full Daily Automated Security Testing by OnSecurity: Our systems undergo daily vulnerability scans by OnSecurity, identifying and mitigating security risks in real time.
  • Manual Security Testing by OnSecurity: In addition to automated scans, OnSecurity performs in-depth manual penetration testing to uncover vulnerabilities that automated tools may miss.
  • Independent Security Test Reports Available: We provide detailed security test reports from OnSecurity, our security and vulnerability testing partners, upon request.

3. Data Protection & Encryption

  • End-to-End Data Encryption: All data is encrypted in transit using AES-256 encryption and TLS 1.2+ protocols.
  • Comprehensive Audit Logs & Monitoring: All user activities are logged and monitored to track access and detect potential breaches.

4. Automated Backups & Disaster Recovery

  • Automated Daily Backups: The system performs daily automated backups to prevent data loss.
  • Disaster Recovery Plan: Our backup infrastructure ensures rapid data restoration in the event of cyberattacks, hardware failures, or system outages.

5. Compliance & Risk Mitigation

  • Compliance with Data Protection Laws: Our system is designed to comply with GDPR, HIPAA, and industry-specific regulations for handling patient and business data.
  • Data Protection Impact Assessment (DPIA) Audits: Regular DPIA audits are conducted to identify and mitigate risks associated with data processing activities.
  • Client Control Over Data Retention Policies: Clients can define data retention periods and request secure data deletion when necessary.

6. Incident Response & Data Breach Notification Policy

In the unlikely event of a security breach, SARU TECH will immediately assess the impact, notify you of any data exposure, and collaborate on risk mitigation and enhanced security measures to prevent future incidents, ensuring compliance with data regulations.

© 2014 – 2025 | SARU TECH - Providing Technologies People Love.