The continued security and privacy of the data stored on the ClinicalWill platform is our top priority. Our founders include an experienced psychotherapist who intimately understands the importance of client confidentiality, and a leader in the Information Technology & Security industry experienced in securing web applications to Government standards.
The security of the platform has been independently tested by CREST accredited cyber security experts Marclay Associates Limited. Customer data is stored at highly secure datacentres which are trusted by Governments and Businesses globally.
Clinical Will has had security and privacy baked into its design since inception. The following sections detail the application, server and operational level protections in place.
When accessing the ClinicalWill platform users’ sessions are automatically timed out after 15 minutes of inactivity. After this time, the user is required to log in again to access the application. This vastly reduces the risk of the session being hijacked by a following user on the same device.
The application enforces that passwords must be at least 10 characters in length, with at least one uppercase, lowercase and numeric character. We do not store passwords in plain text in our database, rather they are converted using a mathematical hash function into an output which cannot be used to retrieve the password. To stop users having a recognisable hash, a random value (known as a salt) is added to the input of the hash function. This is industry best practice for secure password management.
We encourage users to activate our email-based two-factor authentication (2FA) feature to enhance their account's security. With 2FA enabled, in addition to their password, users must enter a unique 6-digit code sent to their registered email address during the login process. When a Practitioner activates 2FA, it becomes mandatory for all associated users, including their Clinical Trustees and Next of Kin, who also have access to some aspects of the account.
To further enhance the security of user accounts and prevent repeated attempts at passwords, we have implemented a policy that limits the number of login attempts per day. Users are allowed a predefined number of incorrect login attempts within a 24-hour period. After reaching this limit, the account will be temporarily locked, preventing further login attempts.
The application is managed following a Linux container methodology provided by Heroku (owned by salesforce.com) and hosted on Amazon Web Services (AWS) in Ireland, Europe. The container model ensures that applications are strongly isolated from one another for security purposes. Heroku uses Operating System containerization with additional custom hardening to ensure that access is properly restricted for all customers. For additional technical information see: https://devcenter.heroku.com/articles/dynos
The Amazon Web Services datacentres where the customer data resides are accredited to SAS 70 Type II, SSAE 16 and ISO 27001:2013. For more information including physical security, environmental safeguards, network, data, and system security see: https://aws.amazon.com/security
Members of the ClinicalWill team can only access the infrastructure with a second factor of authentication on top of a one-way salted and hashed password.
The security of the platform has been independently tested by CREST accredited cyber security experts Marclay Associates Limited. Penetration testing of the ClinicalWill application and hosting environment has been carried out by independent testers prior to launch, and ahead of major releases. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team for resolution.
User data is backed up daily and can be used to recover from local disasters or unexpected circumstances impacting the availability or integrity of the primary copy. They are securely stored within the Amazon Web Services infrastructure across multiple locations and designed to offer 99.999999999% durability, 99.99% availability and can sustain the concurrent loss of data in two facilities.
The ClinicalWill application is registered under the .app domain extension created by Google with added security built in as standard. All .app applications are required to use HTTPS encryption of web traffic between the user’s browser and the servers hosting the application. For more information visit: https://www.blog.google/technology/developers/introducing-app-more-secure-home-apps-web/.
In meeting our obligations under the General Data Protection Regulation (GDPR) there are robust breach detection, investigation, and internal reporting procedures in place. These allow for breaches to be reported to data subjects and the relevant supervisory authority within 72 hours of discovery and without undue delay.
All customer and system data is stored within Amazon Web Services’ secure data centre in the EU, Dublin region.