OUR SECURITY FOCUS

Advanced Data Encryption and Enhanced Security

We prioritise data security with Dental4Web. Our company is certified under ISO 27001:2013 and is GDPR compliant.

Our systems undergo rigorous penetration testing by independent third parties to guard against the latest cyber threats, and high-level data encryption protects sensitive information, ensuring that your practice’s data remains secure and compliant with global standards.

Security Responsibilities and Certifications

What certifications do you have for data security and management?
We hold ISO 27001:2013 certification, ensuring our systems and processes adhere to high standards for information security management.
We operate under a shared responsibility model, where we secure the cloud infrastructure while customers manage security within the cloud, including data access permissions and configurations.
Our data centres are located in Australia, and we comply with GDPR, the Australian Privacy Principles, and health data regulations, ensuring all data handling meets national standards.

Data Sovereignty and Location

Where is our data stored, and how does data sovereignty apply?
All data is stored within AWS’s Asia Pacific (Sydney) Region, ensuring it remains under Australian jurisdiction and in compliance with local data sovereignty requirements.
All data is stored and backed up across multiple availability zones within the Sydney region to comply with Australian data residency requirements.
We prioritise data residency in Australia; any cross-border data transfers would comply with relevant Australian regulations and require appropriate safeguards.

Compliance and Legal Standards

Do you comply with Australian health privacy standards?
Yes, we comply with the Privacy Act and other health-related data regulations in Australia, safeguarding personal health information under national standards.
We are GDPR-compliant, ensuring that all personal data is handled with strict privacy and security controls, regardless of the jurisdiction.
We conduct regular compliance reviews, maintain ISO certification, and update our policies and procedures to stay aligned with evolving standards.

Data Encryption and Protection

Is data encrypted both in transit and at rest?
Data is encrypted both in transit and at rest using industry-standard encryption techniques provided by AWS.
We use AWS Key Management Service for encryption, ensuring secure data handling across our databases and storage volumes.
Keys are managed using AWS Key Management Service, providing robust security for encryption keys and safeguarding them from unauthorised access.

Risk Assessment and Security Testing

How often do you perform security risk assessments?
We conduct annual security risk assessments as part of our ISO 27001 compliance and regular monitoring to identify potential risks.
We perform annual penetration testing against recognised standards (PTES, OSSTMM, OWASP) to identify and address vulnerabilities.
Our systems undergo annual ISO 27001 audits and independent cybersecurity penetration testing to verify security and compliance.

Access Control and Authentication

How is access to our data controlled and monitored?
We enforce strict access controls, including multi-factor authentication, IP restrictions, and user activity monitoring, to protect data access.
We use multi-factor authentication (MFA) to enhance account security and control user access within our systems.
User roles and permissions are configured based on access requirements, with regular audits to verify and restrict access to authorised personnel only.

Incident Management and Response

What is your data breach response plan?
We have a comprehensive data breach response plan that aligns with the Data Breach Notification Scheme by the Office of the Australian Information Commissioner (OAIC). This plan includes prompt customer notification, mitigation strategies, and compliance with regulatory requirements.
Notifications occur immediately following a data breach detection as part of our commitment to transparency and regulatory compliance.

Business Continuity and Redundancy

What are your redundancy and backup procedures?
We use AWS’s multi-zone redundancy for high availability, real-time data replication and regular backups to protect against data loss.
Our AWS infrastructure provides a 99.99% uptime guarantee, ensuring reliable access and continuity for all customers.
We maintain detailed business continuity plans, including disaster recovery, redundancy, and regular system health checks to ensure uninterrupted service.

Privacy and Data Protection by Design

How do you integrate privacy principles into your services?
We adhere to Privacy by Design principles, embedding privacy into our systems, policies, and procedures to meet stringent regulatory standards.
Our data retention policies comply with regulatory guidelines, including a standard 90-day retention period for deleted data versions and modifications.
We use secure deletion protocols that comply with data protection regulations, ensuring data is permanently removed when retention periods end.

Compliance with Best Practices

Do you follow the Australian government and ACSC recommendations for cloud security?
Yes, we align with recommendations from the Australian Cyber Security Centre (ACSC) and follow industry best practices in cloud security.
We implement tenant isolation measures and use Amazon’s virtualisation technology to protect data across our cloud platform.
We adhere to standards like ISO 27001 and perform regular risk assessments to align with global cloud security standards.

Data Control and Ownership

Do we retain ownership of our data at all times?
Our customers retain full ownership of their data, with complete control over access, management, and deletion rights.
We support data migration and secure deletion for customers leaving our platform, ensuring compliance and data integrity throughout the process.
Comprehensive logging and auditing tools are available, enabling customers to review user activity and data access logs.

Additional Costs and Transparency

Are there additional charges for data storage or access requests?
Any data storage exceeding initial agreements incurs a small fee, billed monthly per GB of storage.
Billing is managed transparently, with notifications for storage capacity and monthly charges based on usage exceeding the agreed limits.

Want to experience it for yourself?

Schedule a demo today to see Dental4Web in action.