Secure, Cloud-based System
We take the security of our clients’ data very seriously. Our fully encrypted cloud-based service, which means you can be confident your data is fully protected 24/7.
Your data remains encrypted in all of our backups, and that applies to both uploaded documents as well as text entered in to the system.
Above all, your data remains your data – ready to export from the system at any time.
Online banking-grade security
Amazon Web Services infrastructure
Fully managed hardware
Fully managed backups
Connection Security
When you first start to use CarePlanner, the system asks you to set passwords that contain at least one uppercase character and at least two non-letter symbols. You can choose to reduce or increase this security requirement, but our recommendation is always to leave it set at this level as a minimum. This will ensure that your staff passwords are not vulnerable to most dictionary-based, brute-force hacking attempts.
In addition, the CarePlanner system automatically blocks access when it detects several incorrect login attempts. This also reduces the effectiveness of brute-force attacks.
Infrastructure Security
Our main servers are located in Dublin, Ireland in a highly-secure data centre run by Amazon Web Services Inc.
Backups and Encryption
Once a day, the data in your system’s database and any uploaded documents are encrypted using AES 256-bit encryption and transferred to a secure storage service (within the European Union).
All sensitive staff and service user data – such as names, address, National Insurance numbers etc. – are stored in an encrypted format (again, using a 256-bit algorithm) in any backup of the database. This means that anyone who somehow managed to obtain a copy of your database would have no access to such information.
Data Protection
We also are registered with the Information Commissioner’s Office (ICO), registration number ZA301465.
Data Retention
Encrypted, instant-access system backups are retained for 14 days, after which they are archived for five months.
In the event of a customer leaving the platform, data is retained in line with our data retention schedule, unless otherwise requested by the customer.
The data at all times remains the customer’s possession, although most information is readily available in spreadsheet format via the reports section.