Privacy and Security
Privacy and security is critical to the quality of the service Corum Group delivers. This is best summarised in Corum Group’s privacy statement and security principles:
Corum Group Privacy Guidance Paper
Reporting a Vulnerability
If you find vulnerability in our products or services, please notify us immediately via Corum Support
Reporting an Incident
If you become aware of the compromise of any of our products or services, please notify us immediately via Corum Support
Minimum Security Requirements
In order to ensure our products maintain a strong security level, pharmacies are recommended to maintain minimum level of security, including but not limited to:
- Encryption for data at rest;
- Proper system/network segmentation;
- The use of endpoint firewall;
- Updated antivirus;
- Documented expectations around mobile device usage;
- Password protection rules;
- Access control; and
- Users training and awareness.
We aim to be as open and transparent with our security policies as practicable to help our customers understand what we do, and how we do it. To request information on our policies please email:firstname.lastname@example.org
In event of an incident that affects our customer’s data, we immediately notify our customers and take required actions including assigning responsibilities for managing the incident. Considering the sensitivity of the situation we do not publish documents specifying roles and responsibilities for managing the incident.
Information Security Management Program
We base our policies and security baseline on the domains defined by the Cloud Security Alliance (CSA) and Cloud Controls Matrix (CCM).We perform on-going vulnerability and risk assessments in order to evaluate threats and monitor our infrastructure’s compliance against our information security baseline.Our staff regularly undertake security awareness training to ensure security controls are followed and customer data is protected from security threats.
Segregation of Duties
All our operations incorporate access controls reflective of an individual’s role, to prevent unauthorised access.
Business Continuity and Redundancy Plans
Corum Group will share pre-defined parts of its Business Continuity and Redundancy plans by email request. Such a document will cover aspects as recovery times and resources required for resumption. To request information on Business Continuity and Redundancy plans, please email: email@example.com
Retention Policy (Disclosing Data Government)
Corum Group will sanitise all computing resources of tenant data once a customer has exited our environment.
Product Specific Security Documents