MeFy Care Private Ltd.

Security Policy

Security Program and Organization

MeFy’s Security Program uses industry-leading, risk-based frameworks and standards. MeFy has a security team led by a Chief Technology Officer (CTO) who is also responsible for the development and maintenance of security policies, enforcing security operations and monitoring technical security within the company and associated third parties.

Security Policies, Processes, and Procedures

At MeFy, we understand that fostering a healthy security culture begins by providing our employees with security policies, processes, and procedures to help make good decisions when building our products and managing sensitive customer data.

Secure Development Lifecycle (SDLC)

MeFy follows a “secure by design” approach whereby security is treated as a top priority at all stages of product and application development. We implement controls such as threat modeling for new features, code review, regression testing, deployment controls, vulnerability scanning and penetration testing.

Access Controls

Application Layer

The MeFy Care Android, iOS and Web applications enforce strict user authentication. The MeFy Care Android and iOS apps require that hardware device encryption is enabled before log-in and connecting is allowed.

All data is encrypted in transit and at rest. Administrators of a MeFy Cloud team subscription maintain full control over which users have access to their private data.

For our enterprise stakeholders, MeFy has developed three additional layers of enhanced, defensive security: Single Sign On, Enterprise Mobility Management Restrictions, and Custom Inactivity Timeout.

Infrastructure Layer

MeFy Cloud is a multi-tenant distributed system, built with a highly redundant architecture. MeFy Cloud incorporates multiple layers of physical, policy, and technical safeguards.

Data Protection Controls

Customer data in MeFy Cloud is further secured by a container orchestration platform (Aptible Enclave) that implements security best practices and controls for the deployment of healthcare applications, such as AES 256-bit encryption for data at rest, monitoring and logging, vulnerability management and system hardening. Videoconference implements standard protocols on an end-to-end encrypted P2P structure.

Disaster Recovery and Business Continuity

MeFy Network conducts daily backups to data centers to ensure customer data is easily recoverable in the event of a disaster. Backup plans and disaster plans are in place and tested quarterly.

Compliance and Certifications

MeFy Network aims to be SOC 2 (Type 1) certified, which will attest to our compliance with Privacy, Security, Confidentiality and Availability criteria as well as HIPAA and HITECH regulations. MeFy also has a global privacy program that meets the requirements of data protection regulations such as the EU General Data Protection Regulation (GDPR).

Our security controls are constantly evolving to keep up with the dynamic threat landscape, so we may update this page from time to time to reflect these technical or administrative changes. Please check this page often to view our latest controls.