Doktr.me Security Policy for Zoom Integration

1. Introduction

Doktr.me is committed to maintaining high standards of security and privacy in our healthcare application, especially in our integration with Zoom. This policy outlines our approach to protecting sensitive information and ensuring the security of our users' data.

2. Data Protection and Privacy
  1. Access Control: We implement strict access controls to ensure that only authorized personnel can access sensitive information. This includes role-based access control (RBAC) and strong authentication methods.
  2. Data Handling: We have established protocols for the responsible handling of user data throughout its lifecycle within our system.
3. Secure Development Practices
  1. Secure Coding: Our development team follows secure coding practices and undergoes regular security training.
  2. Code Review: All code changes undergo peer review and automated security scanning before deployment.
  3. Regular Updates: We maintain a schedule for regular updates and patch management to address any identified vulnerabilities promptly.
4. Third-Party Risk Management
  1. Vendor Assessment: We conduct thorough security assessments of all third-party vendors, including Zoom.
  2. Data Processing Agreements: We maintain appropriate data processing agreements with all third parties that handle sensitive information.
5. Incident Response and Disaster Recovery
  1. Incident Response Plan: We have a comprehensive incident response plan in place to address any security breaches or data loss events promptly.
  2. Disaster Recovery: Our disaster recovery plan ensures business continuity and data protection in case of unforeseen events.
6. Compliance and Auditing
  1. Regular Audits: We conduct regular internal security audits to ensure ongoing compliance with our security standards.
  2. Compliance Reviews: We regularly review our practices to align with relevant industry standards and best practices.
7. User Authentication and Session Management
  1. Strong Authentication: We implement user authentication mechanisms, including robust password policies.
  2. Secure Session Handling: All user sessions are managed with appropriate timeout and invalidation procedures.
8. Physical Security
  1. Data Center Security: Our infrastructure is hosted in secure data centers with appropriate physical access controls and environmental protections.
  2. Device Management: We maintain policies for device management for all company-owned devices.
9. Ongoing Monitoring and Improvement
  1. Security Monitoring: We employ security monitoring practices to detect and respond to potential threats.
  2. Security Training: All employees undergo regular security awareness training to stay updated on the latest security best practices and threats.
10. Zoom-Specific Security Measures
  1. API Security: Our integration with Zoom uses secure API practices, including proper authentication and authorization mechanisms.
  2. Meeting Security: We implement Zoom's recommended security features such as waiting rooms and meeting passwords where applicable.
  3. Data Retention: We have clear policies on data retention and deletion, ensuring that any data shared through Zoom is handled responsibly.
11. Contact Information

For any security-related inquiries or to report a security concern, please contact our security team at [email protected].

This security policy is regularly reviewed and updated to ensure ongoing protection of our users' data and alignment with industry best practices.

Last Updated: 20/07/2024