Privacy and Security

Privacy and security is critical to the quality of the service Corum Group delivers. This is best summarised in Corum Group’s privacy statement and security principles: Corum Group Privacy Guidance Paper

Reporting a Vulnerability

If you find vulnerability in our products or services, please notify us immediately via Corum Support

Reporting an Incident

If you become aware of the compromise of any of our products or services, please notify us immediately via Corum Support

Minimum Security Requirements

In order to ensure our products maintain a strong security level, pharmacies are recommended to maintain minimum level of security, including but not limited to:
  • Encryption for data at rest;
  • Proper system/network segmentation;
  • The use of endpoint firewall;
  • Updated antivirus;
  • Documented expectations around mobile device usage;
  • Password protection rules;
  • Access control; and
  • Users training and awareness.

Security Policies

We aim to be as open and transparent with our security policies as practicable to help our customers understand what we do, and how we do it. To request information on our policies please

Incident Management

In event of an incident that affects our customer’s data, we immediately notify our customers and take required actions including assigning responsibilities for managing the incident. Considering the sensitivity of the situation we do not publish documents specifying roles and responsibilities for managing the incident.

Information Security Management Program

We base our policies and security baseline on the domains defined by the Cloud Security Alliance (CSA) and Cloud Controls Matrix (CCM).We perform on-going vulnerability and risk assessments in order to evaluate threats and monitor our infrastructure’s compliance against our information security baseline.Our staff regularly undertake security awareness training to ensure security controls are followed and customer data is protected from security threats.

Segregation of Duties

All our operations incorporate access controls reflective of an individual’s role, to prevent unauthorised access.

Business Continuity and Redundancy Plans

Corum Group will share pre-defined parts of its Business Continuity and Redundancy plans by email request. Such a document will cover aspects as recovery times and resources required for resumption. To request information on Business Continuity and Redundancy plans, please email:

Retention Policy (Disclosing Data Government)

As covered in Corum Group’s Privacy Policy, at request, the organisation will disclose customer’s data to governments.The disclosing process will observe data sensitive and data will be equally protected in transit as it is at rest.

Secure Disposal

Corum Group will sanitise all computing resources of tenant data once a customer has exited our environment. Product Specific Security Documents ScriptARC Security