GoodX IT Security Policies & Strategies

1. EMPLOYEE SECURITY

  1. All GoodX employees are under a strict confidentiality agreement.
  2. All GoodX employees undergo POPIA training and must adhere to POPIA best practices.
  3. All employees are required to uphold industry standards (ISO27001) and industry best practices.
  4. GoodX has monitoring tools, access logs and teams that ensure your data is protected and readily available.
  5. GoodX employees joining the company are trained before being granted access to data.
  6. GoodX employees leaving the company are removed from all platforms and do not have further access.
  7. Policies and standard operating procedures have been implemented to enforce security measures.

2. DATA ENCRYPTION

  1. All data is transferred using TLS 1.2.
  2. Sensitive data is encrypted at rest, and all data is encrypted in transport.
  3. Each client's data is logically separated from other clients' data in GoodX cloud environments.

3. SOFTWARE

  1. New features are designed with security in mind.
  2. Our software is tested for security vulnerabilities with every release.
  3. We proactively identify and address issues with our rigorous quality assurance process.
  4. If opted in, software that is hosted by us runs in secure data centres on GoodX-monitored infrastructure.
  5. GoodX practices strict backup and replication processes to guard against data loss.

4. CONVENIENCE

  1. Our software and business platforms are set up to support multi-factor authentication.
  2. If opted in, all client call-ins are logged in our CRM against the client’s profile.
  3. Clients have the option to decide how and what personal information is utilised by GoodX.

5. CLOUD INFRASTRUCTURE

  1. All data is hosted locally on GoodX servers and processed in a PCI DSS-compliant data centre which also holds the following ISO certifications: ISO 9001:2015 (Quality Management), ISO/IEC 27001:2013 (Information Security Management) and ISAE 3402 Type 1 Attestation (Information Security Management).
  2. The data centres don't have access to the data on the GoodX servers.
  3. Super-user access is tightly controlled.
  4. Hosting accounts on the same server are kept separate.
  5. Security-related server software updates are applied promptly, taking the associated level of risk into account.
  6. The GoodX Nagios system responds to infrastructure incidents 24/7 to ensure all systems are always secure and fully functional.

6. CLOUD SECURITY MEASURES

  1. There are three basic authentication layers between you as the Client and the patient data:
    1. Between the Client and the Cloud connection, you need authentication for entry.
    2. Between the Client and the GoodX Program, you need authentication with a separate password per user.
    3. Between the GoodX Program and the Database, you need authentication with application-specific credentials.
  2. All access to cloud infrastructure is monitored and logged for audit purposes.
  3. All cloud infrastructure is hosted in South Africa, and no data will be sent cross-border without prior written instruction from the Client.

7. COMPLIANCE

  1. GoodX has implemented the requirements of the POPIA.
  2. GoodX follows best practice in the following ISO Standards: ISO27001, ISO27005 and ISO9001.
  3. GoodX is ISO27001 certified after successfully completing the second-stage audit. The second-stage audit report is available below, confirming that the ISO27001:2013 standard has been successfully implemented by GoodX. The final certificate is also available for clients to download and attach to their POPIA documentation with regard to their GoodX operator.

8. INCIDENT MANAGEMENT

  1. See clause 9.4.3 of the licence agreement.

Last modified: Thursday, 10 November 2022, 11:07 AM