Secure, Cloud-based System

Banking-grade security accessible from any device

Access CarePlanner from any device and at any time. Your connection is always secure.

We take the security of our clients' data very seriously. Our fully-encrypted cloud-based service, which meets the ISO27001 'gold standard' for data security, means you can be confident your data is fully protected 24/7.

  • Highly secure - we use the same encryption as online banking
  • We use technology from market-leader Amazon Web Services
  • There is no need for you to install any software, or maintain any servers on your own premises, removing a key source of security breaches
  • All data backups are managed by CarePlanner, and remain fully encrypted

Connection Security

Whenever you connect to the CarePlanner system via a web browser, your connection is made securely using the same encryption standards used in online banking (SSL/TLS using 256-bit keys). This makes it almost impossible for anyone to eavesdrop on your connection whilst you are using, sending data to, or retrieving data from CarePlanner.

When you first start to use CarePlanner, the system asks you to set passwords that contain at least one uppercase character and at least two non-letter symbols. You can choose to reduce or increase this security requirement, but our recommendation is always to leave it set at this level as a minimum. This will ensure that your staff passwords are not vulnerable to most dictionary-based, brute-force hacking attempts.

In addition, the CarePlanner system automatically blocks access when it detects several incorrect login attempts. This also reduces the effectiveness of brute-force attacks.

Infrastructure Security

CarePlanner uses a distributed infrastructure that does not have a single point of failure. Every one of our servers and backup facilities is located within the European Union.

Our main servers are located in Dublin, Ireland, in a highly secure datacenter run by Amazon Web Services.

Backups and Encryption

All changes made on a CarePlanner system are instantly replicated between multiple databases, and, as such, point-in-time recovery is possible. This means that, in the event of a serious system or user error, your database can be 'rolled back' to a point in time specified in minutes and seconds. Once a day, the data in your system's database and any uploaded documents are encrypted using AES 256-bit encryption and transferred to a secure storage service (within the European Union).

All sensitive staff and service user data - such as names, addresses, National Insurance numbers etc. - are encrypted immediately (again, using a highly secure algorithm) and stored in an encrypted format even in the live database. This means that in the extremely unlikely event that someone managed to obtain a copy of your database, they would have no access to such information.

Data Protection

We take the security and protection of your data extremely seriously at CarePlanner, and have taken various steps to ensure this. To gain access to any customer data, we use a multi-factor identification system that involves the use of secure One Time Password (OTP) devices, identical to those used by some online banking systems.

We are also registered with the Information Commissioner's Office (ICO), registration number 550352.

Data Retention

Encrypted, instant-access system backups are retained for 3 months, after which they are archived for a further nine months.

In the event of a customer leaving the platform, data is retained for one month and then destroyed, unless otherwise requested by the customer.

The data at all times remains the customer's possession, although most information is readily available in spreadsheet format via the reports section.

© 2017 CarePlanner, All Rights Reserved