OUR SECURITY FOCUS

Advanced Data Encryption and Enhanced Security

We prioritise data security with Dental4Web. Our company is certified under ISO 27001:2022 and is GDPR compliant.

Our systems undergo rigorous penetration testing by independent third parties to guard against the latest cyber threats and high-level data encryption protects sensitive information, ensuring that your practice’s data remains secure and compliant with global standards.

Dental4Web Security FAQs

Security Responsibilities and Certifications

Data Sovereignty and Location

Compliance and Legal Standards

Data Encryption and Protection

Risk Assessment and Security Testing

Access Control and Authentication

Incident Management and Response

Business Continuity and Redundancy

Privacy and Data Protection by Design

Compliance with Best Practices

Data Control and Ownership

Additional Costs and Transparency

Security Responsibilities and Certifications

What certifications do you have for data security and management?

We hold ISO 27001:2022 certification, ensuring our systems and processes adhere to high standards for information security management.

Who is responsible for protecting data in the cloud?

We operate under a shared responsibility model, where we secure the cloud infrastructure while customers manage security within the cloud, including data access permissions and configurations.

How do you ensure your services comply with Australian data protection regulations?

Our data centres are located in Australia, and we comply with GDPR, the Australian Privacy Principles and health data regulations, ensuring all data handling meets national standards.

Data Sovereignty and Location

Where is our data stored, and how does data sovereignty apply?

All data is stored within AWS’s Asia Pacific (Sydney) Region, ensuring it remains under Australian jurisdiction and in compliance with local data sovereignty requirements.

Can we ensure data remains within Australia?

All data is stored and backed up across multiple availability zones within the Sydney region to comply with Australian data residency requirements.

What procedures are in place for handling data transfers across borders?

We prioritise data residency in Australia; any cross-border data transfers would comply with relevant Australian regulations and require appropriate safeguards.

Compliance and Legal Standards

Do you comply with Australian health privacy standards?

Yes, we comply with the Privacy Act and other health-related data regulations in Australia, safeguarding personal health information under national standards.

How do you ensure GDPR and other global compliance standards are met?

We are GDPR-compliant, ensuring that all personal data is handled with strict privacy and security controls, regardless of the jurisdiction.

What steps do you take to maintain compliance with evolving data security laws?

We conduct regular compliance reviews, maintain ISO certification and update our policies and procedures to stay aligned with evolving standards.

Data Encryption and Protection

Is data encrypted both in transit and at rest?

Data is encrypted both in transit and at rest using industry-standard encryption techniques provided by AWS.

What measures are in place for encrypting data within your platform?

We use AWS Key Management Service for encryption, ensuring secure data handling across our databases and storage volumes.

How are keys managed and secured?

Keys are managed using AWS Key Management Service, providing robust security for encryption keys and safeguarding them from unauthorised access.

Risk Assessment and Security Testing

How often do you perform security risk assessments?

We conduct annual security risk assessments as part of our ISO 27001 compliance and regular monitoring to identify potential risks.

Do you conduct penetration testing, and how are vulnerabilities addressed?

We perform annual penetration testing against recognised standards (PTES, OSSTM, OWASP) to identify and address vulnerabilities.

What independent audits or assessments are conducted to verify security?

Our systems undergo annual ISO 27001 audits and independent cybersecurity penetration testing to verify security and compliance.

Access Control and Authentication

How is access to our data controlled and monitored?

We enforce strict access controls, including multi-factor authentication, IP restrictions and user activity monitoring, to protect data access.

What authentication measures, like multi-factor authentication, are used?

We use multi-factor authentication (MFA) to enhance account security and control user access within our systems.

How do you manage user roles and permissions to secure sensitive information?

User roles and permissions are configured based on access requirements, with regular audits to verify and restrict access to authorised personnel only.

Incident Management and Response

What is your data breach response plan?

We have a comprehensive data breach response plan that aligns with the Data Breach Notification Scheme by the Office of the Australian Information Commissioner (OAIC). This plan includes prompt customer notification, mitigation strategies, and compliance with regulatory requirements.

How quickly will we be notified if there is a data breach?

Notifications occur immediately following a confirmed data breach detection as part of our commitment to transparency and regulatory compliance.

What protections are in place to prevent unauthorised data access?

Protections include multi-factor authentication, regular security updates, and access monitoring to prevent unauthorised access to sensitive data.

Business Continuity and Redundancy

What are your redundancy and backup procedures?

We use AWS’s multi-zone redundancy for high availability, real-time data replication and regular backups to protect against data loss.

How do you ensure high availability and uptime?

Our AWS infrastructure provides a 99.99% uptime guarantee, ensuring reliable access and continuity for all customers.

What business continuity plans exist for your cloud services?

We maintain detailed business continuity plans, including disaster recovery, redundancy, and regular system health checks to ensure uninterrupted service.

Privacy and Data Protection by Design

How do you integrate privacy principles into your services?

We adhere to Privacy by Design principles, embedding privacy into our systems, policies, and procedures to meet stringent regulatory standards.

What are your policies on data minimisation and retention?

Our data retention policies comply with regulatory guidelines, including a standard 90-day retention period for deleted data versions and modifications.

How do you ensure data is securely deleted when no longer needed?

We use secure deletion protocols that comply with data protection regulations, ensuring data is permanently removed when retention periods end.

Compliance with Best Practices

Do you follow the Australian government and ACSC recommendations for cloud security?

Yes, we align with recommendations from the Australian Cyber Security Centre (ACSC) and follow industry best practices in cloud security.

How are cloud-specific risks, such as multi-tenancy risks, managed?

We implement tenant isolation measures and use Amazon’s virtualisation technology to protect data across our cloud platform.

What steps are taken to meet international cloud security standards, such as those from NIST?

We adhere to standards like ISO 27001 and perform regular risk assessments to align with global cloud security standards.

Data Control and Ownership

Do we retain ownership of our data at all times?

Our customers retain full ownership of their data, with established data management protocols.

Can we request data deletion or migration if we stop using your services?

We support data migration and secure deletion for customers leaving our platform, ensuring compliance and data integrity throughout the process.

Are access logs and user activity logs available for audit purposes?

Comprehensive logging and auditing are available within the application, enabling customers to review user activity and data access logs.

Additional Costs and Transparency

Are there additional charges for data storage or access requests?

Any data storage exceeding initial agreements incurs a small fee, billed monthly per GB of storage.

How is billing managed for data usage beyond initial agreements?

Billing is managed transparently, with notifications for storage capacity and monthly charges based on usage exceeding the agreed limits.

Want to experience it for yourself?

Schedule a demo today to see Dental4Web in action.