Security Overview

Version 18 November 2021 (Latest)

Table of contents

  1. Security Overview
    1. Introduction
    2. Compliance
    3. User Data Management
    4. Data Encryption
    5. Network Security
    6. Server Security
    7. Incident Management
    8. Personnel Management
    9. Supplier Selection
    10. Contact details

Introduction

We at NiceDay use the best-in-class industry practices to keep your data secure. NiceDay implements strong technical and organisational measures designed to protect your data against unauthorised access, use, alteration or disclosure in accordance with the ISO 27001 & NEN 7510 standard.

Compliance

We are audited annually and have been compliant with these standards since 2017:

User Data Management

  • Access to all user data is restricted on a need-to-know basis
  • All customer data requires unique employee authentication and is restricted behind multi-factor authentication and/or SSH keys
  • Access to all sensitive client information is logged
  • Client information is split into identifiable data and non-identifiable data, with even stricter security measures applied for identifiable client information

Data Encryption

  • All client data is encrypted in transit and at rest
  • Best-in-class encryption ciphers are used when encrypting data (AES-256)
  • Deprecated security profiles are not supported (e.g. TLS 1.1)
  • All disks on our servers are encrypted to ensure employees of our cloud provider can’t access NiceDay data

Network Security

  • The production environment is segregated from all testing environments
  • We use best-in-class security techniques to protect access to our production network (e.g. firewalls, subnet isolation, etc.)

Server Security

  • All actions performed on a server are logged in an immutable log storage
  • Logs are stored outside of our network, under high-availability SLAs, to guarantee their availability and security under all circumstances
  • Servers are regularly checked for CVEs and automatically updated with any security fixes for software on the server
  • All changes to the server are peer reviewed and performed through a single system to keep an audit trail

Incident Management

  • We have a 24/7 on-call team to ensure NiceDay always stays available and secure
  • We use a suite of automated and manual monitoring/alerting tools to ensure issues are resolved before you notice them

Personnel Management

  • We follow strict onboarding and offboarding procedures to ensure strict compliance with our security procedures
  • We hold information security awareness meetings at least twice a year to ensure high security awareness
  • We perform emergency drills at least once a year to test our response preparedness for information security incidents
  • Best-in-class security policies are applied for all employees to minimise the attack surface

Supplier Selection

  • Strict privacy and security criteria are defined for supplier selection including requirements for signed SCCs, ISO certification and industry leading security practices
  • Risk analysis is performed for all suppliers that handle user data and is evaluated by management so that risks are assessed consciously

Contact details

NiceDay Healthcare Nederland B.V.
Hofplein 20
3032 AC Rotterdam
Chamber of Commerce number: 77868056
Email address: gdpr@nicedaynederland.nl
Telephone: 085-0438475

For security disclosures see responsible-disclosure