The Clinerion security framework comprises the Security Policy, SOPs for Physical and Logical Security, and Work Instructions and Guidelines. This framework sets the rules for organization-wide Data and IT Security governance.

The Clinerion Security Policy reflects the priorities of the business for the protection of people, assets, information and reputation, as well as the requirements of legal compliance in the operations and jurisdictions. In addition, these basic principles provide the foundation for the culture of security awareness at Clinerion.

1. The Servers

Clinerion’s server infrastructure is hosted at an ISAE 3402 / SSAE 16 Type II certified datacenter in Switzerland and is subject to the data security classification and procedures outlined below.

2. The Security Policy

The Clinerion Security Policy is the framework for protective measures regarding physical and logical security. The following aspects need to be ensured for logical security:

  • Availability: operationally appropriate, customized access to information must be provided with the relevant availability.
  • Confidentiality: information must be handled confidentially, particularly data classified as confidential.
  • Integrity: comprehensiveness, accuracy and integrity must be appropriately guaranteed.

In addition, the following aspects need to be ensured for physical security:

  • Protection of Persons and Operations
  • Reporting, alarm organization and crisis management team

3. Governance

Clinerion operates under and complies fully with:

  • The laws of Switzerland (Bundesgesetz über den Datenschutz (DSG)).
  • The security framework requirements of the ISO 27001 standard.
  • The Electronic Health Record (EHR) Association's Developer Code of Conduct, which encourages cooperative and transparent business practices among industry stakeholders.