The security, integrity, and availability of your data are our top priorities. Inclusio Limited uses a multi-layered approach to protect and monitor all customer information. Our solution leverages multiple layers of defence to protect key information and handle all critical facets of network and application security, including authentication, authorization and assurance.
Key Security Attributes
All data is encrypted in transit (AES encryption)
All data is encrypted at rest (AES encryption)
All administration access to servers requires Multi-factor Authentication
Multi-tier security topology
Extensive auditing and logging
Separation of control
Inclusio delivers high levels of security that are compliant with current security standards and regulations (GDPR, PCI-DSS, ISO-27001), and with the practices applicable to the medical and financial sectors in Europe and elsewhere. This level of security is achieved by data/metadata separation (anonymization), encryption, distributed key management, and by enforcing strict access control on data and user privacy settings. These mechanisms enable secure information storage, exchange, and processing. Secure data management in the Inclusio platform, with an optional end-to-end security approach, guarantees data confidentiality and consistency during the entire data transfer and storage process.
Information and Cyber Security
Communication between Inclusio entities and employees is encrypted in transit, and data in storage and databases is encrypted at rest. All personal electronic devices participating in business communications are registered, authorized and monitored. Additionally, the system periodically undergoes extensive internal and external penetration tests, and all discovered vulnerabilities are classified and prioritized for resolution.
Third-party oversight is the process whereby Inclusio monitors and manages interactions with all external parties with which it has a relationship. This includes both contractual and non-contractual parties (e.g., online services).
Third-party management is conducted primarily for the purpose of assessing the ongoing behaviour, performance and risk that each third-party relationship represents to the company, as well as:
identification of all relevant data processors
understanding what data is stored and processed
how well each processor protects EUPI data
each processor's progress towards GDPR compliance
Inclusio key security controls
Protecting authentication credentials in storage and in transit
Not disclosing causes of failed login attempts
Preventing users from logging into functional accounts
Maintaining vendor software and hardware on supported versions
Controlling caching of sensitive data on client-side devices
Masking confidential data attributes in non-production environments
Employing backup procedures
Reporting and tracking operational incidents
Performing high availability, sustained resiliency and disaster recovery tests
Having a current technology recovery action plan
Performing penetration tests and remediating discovered issues prior to production
Not relying exclusively on client-side security controls
Employing automatic authenticated session time-out after a specified period of inactivity
Protecting against concurrent logins, cloning or reuse of the session
Employing strong session controls and MFA