Security and regulatory compliance

Information is an asset that is essential to P2link’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment and in the medical information domain.

Information Security policy
Because of this increasing interconnectivity, information and information systems are now exposed to a growing number and a wider variety of threats and vulnerabilities.
Information system security is the protection of information from a wide range of threats to ensure business continuity, ensure data confidentiality and integrity and minimize business risk.
Information system security (availability, integrity, confidentiality) is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions.
P2link and its information systems and networks may face security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. Causes of damage such as malicious code, computer hacking, and data exposure have become more common, more ambitious, and increasingly sophisticated.
P2link's security policy is based on the following three main criteria:
– Availability: systems and data must be available to authorized users during working hours, or as required by each client environment;
– Integrity: the system must ensure that data are neither corrupted nor modified in an unauthorized manner;
– Confidentiality: the system must ensure that only duly authorized persons access the data they are entitled to access.

Regulatory compliance
Information Security and privacy must also comply with multiple regulations, such as:
– HIPAA, standing for Health Insurance Portability and Accountability Act, enforced in 1996 in the USA, establishes policies and procedures for maintaining the privacy and the security of individually identifiable health information, outlines numerous offenses relating to health care, and establishes civil and criminal penalties for violations;
– GDPR, standing for General Data Protection Regulation, is a regulation enforced in May 2018 in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area, also addressing export of information outside of the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU;
– Other regulatory frameworks elsewhere in the world: P2link will adapt its solution to them, drawing on its mastery of HIPAA and GDPR.
In order to comply with these regulations, P2link has developed and enforced a set of policies and procedures, established proper governance, and selected leading-edge technologies, as presented in the next section.