PainChek® is an internet-enabled application. There are risks inherent in these types of applications, and PainChek is not immune to such risks. These risks include:
- Man-in-the-Middle attacks (people spying on the data between the application and our servers).
- Intentional misuse of the product resulting in a cybersecurity incident (malicious insider threat).
- Unintentional misuse of the product resulting in a cybersecurity incident.
- Loss of Personally Identifiable Information or Personal Health Information (PII/PHI) due to a malicious data breach.
PainChek has implemented a comprehensive mitigation programme which aims to reduce the exploitability of our identified risks. Mitigations for these risks include:
- Secure network architectural design based on industry best practices, with insecure-configuration detection tools built into our infrastructure-as-code deployment strategy.
- At least annual penetration testing of both our applications and our network.
- Audit logging of user actions within the system.
- Static Application Security Testing (SAST) as part of our code control process.
- Vulnerability scanning and third-party library dependency checking integrated into our code control process.
- Enforced TLS communication between the PainChek® application and our backend servers.