Noted takes the safety of your data very seriously. That is why it is at the forefront of everything we do.
To honour this commitment, we engage in the following multi-layered data protection processes.
Current security features
World class storage facilities
Noted is hosted by Amazon Web Services whose data centres and network architecture are built to meet the requirements of the most security-sensitive organisations around the world.
Accreditations and compliance certifications
As mentioned we use Amazon Web Services (AWS) as our hosting partner. It’s accreditations include:
- GDPR (European privacy standard)
- HIPAA (US health privacy standard)
All client data is encrypted in transit and at rest and is not stored on user devices. Sensitive data, such as identity data, is encrypted at field level and uses an advanced identity and key management system that ensures secure and managed access to data. This allows us to compartmentalise data to reduce impact and risk.
Our infrastructure is monitored 24/7/365 days of the year by automated systems and also by our managed service partners. Noted has an on-site security officer who is responsible for Noted’s Information and Security programme. This programme is focused on identifying any foreseeable and internal risks, as well as conducting frequent risk assessments and testing to minimise any potential security threats.
Noted is constantly updating and improving its infrastructure and processes to comply with various standards including HIPAA, GDPR, CIS, HISO. Noted has also been trusted to connect to the Ministry of Health and ACC - in New Zealand, as well as other sensitive environments.
The Noted team has limited access to customer data; only what has been agreed upon in customer contracts and agreements. User access is also strictly monitored and governed to reduce risk, e.g: access is instantly revoked from staff if it is no longer needed.
Noted data is backed-up at least daily and stored in multiple secure locations. Backups are also encrypted and stored in secure long-term storage for at least eight years.
Noted has the ability to integrate with your organisation using our restful API. Our API provides strong encryption, secure authentication, and authorisation, and all actions and traffic is logged and audited for security purposes.
No data sharing
Noted does not disclose or share any of your data with third parties or outside sources - except if we are required to by law, or at your request.
Need to know more?
If you would like to know more, please feel free to contact us at email@example.com