HealthCare Logic shares a strong commitment to safeguarding sensitive information and maintaining the trust placed in us by our customers, partners, and stakeholders.
HealthCare Logic’s security practices follow a structured, risk‑based approach to the design, implementation, and ongoing maintenance of controls that support a secure and privacy‑aware operational environment. Our practices are designed to ensure that information assets are protected against unauthorised access, disclosure, alteration, and loss, while supporting regulatory compliance and operational resilience.
It is the objective of HealthCare Logic that all customer interactions demonstrate our respect for information privacy and our commitment to transparent, responsible, and ethical data handling practices. Security and privacy considerations are embedded into our people, processes, and technology, ensuring that the protection of customer data remains a foundational principle across our operations.
Yes. HealthCare Logic operates a formal ISMS with documented policies and procedures covering (not limited to) information security governance, risk management, incident management, access control, secure development, vendor management, logging/monitoring and business continuity.
HealthCare Logic has received ISO 27001:2022 certification and maintains an information security program aligned to ISO 27001.
Yes. HealthCare Logic’s Information Security Policy explicitly commits to protecting information from unauthorised access and maintaining confidentiality, integrity, and availability, along with required security training and breach reporting/investigation.
HealthCare Logic follows internal governance for internal audits and management review cycles. All staff are required to acknowledge that they have read and understood security policies and procedures as part of ongoing compliance.
Yes. HealthCare Logic carries out internal security auditing and reviews, along with penetration and security testing performed, at minimum, on an annual basis.
Yes. All employees and contractors complete mandatory security awareness training annually, with training records maintained. There is also a mandatory induction and annual refreshers covering common security topics (clean desk/screen, BYOD, phishing, malware, etc.).
Yes. HealthCare Logic conducts pre‑employment screening which includes:
Yes. HealthCare Logic employment/engagement terms mandate compliance with information security policies, confidentiality obligations during and after employment, and disciplinary consequences for breaches.
HealthCare Logic's Access Control Policy requires access to be authorised based on job role and business need, applying least privilege, avoiding generic accounts, associating accounts with an owner, and reviewing access rights regularly.
The Access Control Policy covers the full access lifecycle (grant/modify/revoke), including approval by appropriate authorities and removal/disablement when a user changes roles or leaves.
Yes. The Access Control Policy includes privileged access controls, ownership requirements for privileged accounts, and stronger password requirements for privileged access.
Yes. MFA is employed for accounts, along with phishing-resistant controls, conditional access policies and risk-based access prevention.
Yes. HealthCare Logic requires the use of modern, accepted protocols and encryption practices for sensitive data transmission.
Yes. Data stored in databases, software systems, endpoints and servers is encrypted at rest, following HealthCare Logic's Key Management & Cryptography Policy for best practices.
HealthCare Logic's Key Management & Cryptography Policy describes secure storage and handling of keys (including use of secure containers and RBAC controls).
Yes. HealthCare Logic's Logging & Monitoring policy requires logging and monitoring of access and security events, with secure log retention and review processes.
Yes, logs are to be kept secure, retained, and reviewed on a routine basis.
HealthCare Logic's ISMS includes network security and change management expectations for timely patching and responding to discovered flaws, plus vulnerability and penetration testing management processes.
Yes. HealthCare Logic maintains endpoint protection and device encryption coverage for company devices, including encryption and security controls for BYOD.
The ISMS Change Management Policy requires documented change requests, approval before production changes, communication of planned changes, rollback preparedness, and post‑change review.
Yes. HealthCare Logic follows a SystemView-specific Release Process and Testing SOP. All changes to SystemView go through this structured process. We operate under a Shared Responsibility Model, which allows release workflows to be integrated into each customer’s environment with stakeholder engagement. As every customer has unique governance and CAB processes, HealthCare Logic works closely with customers to ensure alignment with their change management requirements.
Yes. We follow segregation principles as part of secure engineering and network practices to ensure environments are separated.
Yes. HealthCare Logic maintains and follows a Backup and Restoration Policy, which includes periodic backups, off‑location storage, documentation, and periodic review/testing of backup recoverability.
Yes. HealthCare Logic has a formal BC/DR Policy with plans tested and reviewed at regular intervals.
For customer‑hosted deployments, certain controls (e.g., data centre physical security, infrastructure malware protection, infrastructure patching) remain the customer’s responsibility, while HealthCare Logic applies standard controls to HCL‑managed environments and application-layer processes.
Yes. HealthCare Logic has a formal Incident and Improvement Management Policy, which includes identification, recording, corrective actions, and review of incidents, including use of a central register and a Cyber Security Incident Response Plan.
Yes. HealthCare Logic maintains procedures to notify affected individuals and regulators in accordance with local laws. HealthCare Logic will notify customers per contract and applicable law.
Yes. HealthCare Logic maintains a Vendor Management Policy, which outlines evaluating providers, requiring security controls, contractual obligations, and periodically re‑evaluating suppliers. Third parties are also held to required security obligations, which can include overlap with customer governance for supply chain requirements.
No.
The health organisation controls the use of patient personal information. HealthCare Logic processes patient data in accordance with the health organisation’s instructions.
No.
Our privacy policy explains data handling and the types of information that may be collected and used, which can vary by region and deployment.
Information collected via our website includes form submission data such as name, email, role and contact phone numbers.
Individuals may request access to and correction of personal information by contacting HealthCare Logic at privacy@healthcarelogic.com. HealthCare Logic may require identification before releasing requested information.
Yes. The Privacy Policy outlines complaint handling, including acknowledging complaints within a short timeframe and aiming to resolve within 30 days, and includes escalation to the OAIC if needed.
Data retention follows our Privacy Policy, data retention principles, and contractual agreements.
HealthCare Logic follows a structured customer data disposal process, including formal deletion requests, verification, secure/permanent deletion, documentation, and vendor disposal requests when third parties are involved.
Asset management and technology equipment handling/disposal policies cover sanitisation/wiping, disposal, and records of disposal actions.