Data security within systems like Elements is a multi-faceted topic. When prospects or customers come to us with questions, the areas covered can include encryption, authentication, access control, e-signatures and audit trailing, physical security, and even disaster recovery.
Such topics are not quite as newsworthy as spyware attacks on WhatsAPP, but are important to our customers and to us. So how do we, together, keep your data safe?
Risk
The first step when assessing data security for Elements is to understand the risk levels. This is one of those topics where the customer’s opinion is more important than ours, but in general, Elements is fairly low risk for data security. Elements data is not considered to fall under HIPAA and normally has minimal commercial value. Probably the main risk for external threats would be from malicious attacks (perhaps related to animal rights or the old standby “disgruntled former employee”). Conversely, Elements is important for compliance, and can be business and time-critical for items such as running billing.
For new customers, depending on your size and situation, it may be worthwhile undertaking a risk assessment as part of your procurement process, or at least including data security-related questions in your vendor assessment.
Us and Them
Another key factor in assessing risk and understanding data security related to Elements is the IT environment. In practice, this comes down to “Is TOPAZ hosting over the Internet, or is Elements on our internal network”?
If the former, then you are reliant on TOPAZ and our hosting infrastructure for most aspects of security. If the latter, then most aspects of security are the responsibility of your internal IT team.
To continue this blog series, we’ll be exploring some of the nuances of data security within Elements. How exciting, right?!