At Doctums, we are committed to maintaining a comprehensive and adaptive information security program that protects the confidentiality, integrity, and availability of our data and systems, as well as those of our clients. Our program is designed to be flexible and responsive to the evolving landscape of cybersecurity threats and regulatory requirements.
1. Governance and Risk Management. Our Leadership Team oversees the information security program, ensuring alignment with business objectives and regulatory compliance. We conduct regular risk assessments to identify, evaluate and mitigate potential security risks to our operations and client data.
2. Policy Framework. We maintain a comprehensive suite of security-related policies and procedures that establish clear guidelines for the secure handling of information and the use of technology resources.
3. Security Controls. We implement and regularly update technical, administrative, and physical controls to protect against threats and vulnerabilities, including:
3.1. Access controls and user authentication
3.2. Data encryption in transit and at rest
3.3. Secure network architecture
3.4. Endpoint protection
3.5. Regular security patching and updates
3.6. Physical security measures for our facilities
4. Awareness and Training. We provide ongoing security awareness training to all employees and contractors, ensuring they understand their responsibilities in protecting sensitive information and recognizing potential security threats.
5. Incident Response. We maintain a robust incident response capability to quickly detect, respond to and mitigate security incidents, with clear procedures for notification, containment, eradication and recovery.
6. Continuous Improvement. Our security program undergoes constant evaluation and enhancement through:
6.1. Regular security assessments
6.2. Industry benchmarking
6.3. Monitoring of emerging threats
6.4. Integration of lessons learned from incidents
7. Third-Party Risk Management. We assess and manage risks associated with our vendors and partners, ensuring they meet our security standards when handling our data or accessing our systems.
8. Compliance. Our program is designed to meet or exceed relevant industry standards and regulatory requirements, including but not limited to:
8.1. GDPR
8.2. CCPA/CPRA
8.3. HIPAA
8.4. FERPA
9. Security Standards. Doctums aligns its information security practices with industry-recognized frameworks, including:
9.1. NIST Cybersecurity Framework
9.2. ISO 27001 principles
9.3. CIS Controls
For specific questions about our information security program or to request additional information, please contact security@doctums.com.
This page provides an overview of Doctums' Information Security Program and may be updated periodically to reflect enhancements to our security practices.