We put security & data privacy first
As we develop and deliver our solutions, we do our utmost to minimise the security risk and to protect patient data, also known as Protected Health Information (PHI).
Improved security features are continuously added to new software releases, and we work closely with our customers to ensure that our solutions are integrated with the hospital infrastructure in line with best practices.
Changing the culture of a company is never easy, but it can be done if the general tone and direction come from the top. The security & privacy mindset at Oneview has come from the top, with full commitment from senior management and the board of directors. We have a standing company objective to “Protect our customers and our brand by putting security first”.
This has enabled security & data privacy to permeate our company culture, so much so that words like security, data privacy, PHI, encryption and certificates are part of our daily parlance. In short, it is a collective responsibility shared by everyone in the company.
Secure Software Development Lifecycle
3rd Party Penetration Testing
Certifications & Compliance
ISO27001 & ISO27701
Oneview’s ISMS and PIMS are certified against the requirements of the ISO27001 and ISO27701 standards respectively. Certification and ongoing surveillance audits are conducted by Certification Europe.
A BAA (Business Associates Agreement) is signed between Oneview and every customer that falls under the remit of HIPAA. The controls defined in the HIPAA Security and Privacy rules are included in our ISMS & PIMS to ensure that the appropriate technical, physical and administrative safeguards are in place.
Oneview is a Microsoft partner. In addition to our on-prem offerings, we offer our solutions on Microsoft’s Azure Cloud. Microsoft have invested heavily in the compliance of the Azure Cloud and there is a BAA in place between Oneview and Microsoft.