Safeguards for 3Shape Communicate

16/05/2024

3Shape has implemented a range of best practice processes and industry-standard safeguards to protect personal data in its products and services. The security measures for 3Shape Communicate are divided into two categories: organizational and technical. Detailed information on these safeguards is provided below:

Technical security measures

Access controls

Users in 3Shape Communicate are managed and authenticated through 3Shape Account, ensuring each user has a unique ID. This guarantees that dental professionals have access only to their own cases. Role-based access control allows different users to have access to specific resources based on their roles.

To prevent unauthorized access to patient information on unattended workstations or lost mobile devices, the 3Shape Communicate website and iOS application automatically log off after 15 minutes of inactivity. Authorization information and sessions also expire after 15 minutes.

 
 

Data Encryption 

Data sent via 3Shape Communicate is encrypted. This ensures that even if the data is intercepted during transmission to 3Shape Communicate servers, it remains unreadable to unauthorized parties.

3Shape Communicate uses TLS 1.3 with AES-256 encryption.

 
 

Data protection techniques

Sensitive data in 3Shape Communicate is protected through tokenization or removal of sensitive details before access is granted to users with lower authentication protocols or to administrative-level users who do not own the data. This ensures that personal and sensitive information remains secure at all times.

 
 

Integrity controls

3Shape Communicate ensures data integrity and security at every step. Industry-standard algorithms prevent unauthorized tampering, ensuring data is received as intended. Users have full control to delete orders and patient information. Redundant file storage and the TLS 1.3 protocol protect against data loss and improper modifications during transmission. Digital signatures guarantee the validity of all authorization information. The data transfer protocol used by 3Shape Communicate™ features a built-in data integrity check, which guarantees that data is not improperly modified during transmission.

 
 

Logging and Auditing

3Shape Communicate includes comprehensive logging mechanisms that record every instance of access to patient data. Logs are generated in situations such as when a customer care team member accesses personal health information to provide support, when a service technician performs maintenance activities involving such data, or when a customer accesses their own personal health information. These access logs are regularly audited to ensure that all access to patient data is appropriate and authorized, enhancing the security and privacy of the information.

 
 

Intrusion Detection and Prevention (IDS & IPS)

3Shape Communicate employs advanced intrusion detection and prevention systems. Multi-layered access controls are utilized across all levels of the infrastructure to prevent unauthorized access. Leading intrusion detection technology is used to ensure continuous protection for storing sensitive information.

 
 

Firewalls

3Shape Communicate is protected by application-level firewalls that filter out unauthorized requests. Access to services, databases, and dependencies requires specific credentials, ensuring stringent security controls.

 
 

Secure Coding Practices

Security is integral to the development of 3Shape Communicate. Secure coding is prioritized from the start, with extra time dedicated to security improvements. Every code update is carefully reviewed by another developer to ensure it meets high security standards before testing and release. This thorough review process helps keep the software secure and reliable.

 
 

Patch Management

3Shape has adopted the ideology and techniques of CI/CD (continuous integration and continuous delivery). Tasks are prioritized and worked on daily, with results constantly pushed to a pre-production environment. Once several features or bug fixes are present in pre-production, they are released. Releases typically occur once a week on average. However, urgent updates may be released out of schedule when necessary.

 
 

Backup and Recovery

All data storage in 3Shape Communicate is continuously backed up using either locally-redundant or geo-redundant methods. This ensures protection against internal drive malfunctions and, with geo-redundancy, safeguards against regional service disruptions. Databases are backed up daily, allowing for recovery in the event of data loss. These backups are retained for 30 days to provide a safeguard against data corruption.

 
 

Network Segmentation

Network segmentation in 3Shape Communicate is achieved through regional separation of services. Each region operates within its own network, providing a layer of isolation. In the event of a security breach within one region, the impact is contained to that specific region.

 
 

Data Loss/Leakage Prevention (DLP)

3Shape Communicate prevents data loss and leakage through continuous monitoring and detection systems across all personal data storage. Robust access controls and data integrity systems detect any loss or unauthorized access. Additionally, all personal information is encrypted at rest, ensuring that any leaked data remains unreadable and secure. Comprehensive audit controls and logging further enhance security measures.

 
 

Organizational security measures

3Shape's organizational security measures 

 

Policies for information & personal data security 

3Shape prioritizes the security and privacy of information and personal data. We have implemented comprehensive policies (including an Information Security Policy, Data Protection Policy, Access Control Policy, Back-up Policy, Acceptable Use Policy, Retention Policy, etc.) that govern how information and personal data are handled and protected, to ensure that they are secure and processed in compliance with the highest industry standards and regulations, especially GDPR and HIPAA.

 
 

Roles and responsibilities management

3Shape has implemented comprehensive roles and responsibilities management, which ensures that all roles related to the processing of information and personal data are clearly defined and assigned within our organization. This also includes the appointment of a Data Protection Officer (DPO) who plays a key role in ensuring that 3Shape complies with data protection laws and practices.

 
 

Risk Management

3Shape has implemented procedures that mandate regular risk assessments to identify and address any security vulnerabilities. Additionally, 3Shape assesses the risks of its activities on the privacy of data subjects when processing personal data.

 
 

Employee Training and Awareness Programs

3Shape prioritizes employee education and training in protecting information and personal data through mandatory regular training and various programs and campaigns to increase information security awareness.

 
 

Confidentiality of personnel and other people with access to customer information and personal data

3Shape ensures that all personnel and any other individuals who have access to customer information and personal data are bound by confidentiality. Confidentiality clauses in employment contracts, separate NDAs, and security policies are in place to govern the handling of information and personal data.

 
 

Data Classification

3Shape categorizes and labels data based on its confidentiality and business importance. This process allows for obtaining an appropriate level of security for individual categories of data, particularly for sensitive data (such as patient health data).

 
 

Incident Response Plan (IRP)

3Shape has developed a comprehensive Incident Response Plan (IRP) to quickly and efficiently address any security incidents or data breaches. This plan outlines the steps which must be taken from the initial detection of an incident through to resolution and post-incident analysis. It ensures that 3Shape can contain threats, minimize damage, and recover operations with minimal disruption. 

 
 

Disaster Recovery & Business Continuity Plans

3Shape maintains disaster recovery and business continuity plans and processes to ensure the continuation of services and effective recovery. These plans are regularly tested to ensure their accuracy and efficiency in the event of an emergency.

 
 

Change Management Procedures

3Shape has established procedures for managing changes to systems, software, and configurations. These protocols ensure that any modifications undergo thorough planning, documentation, review, and implementation. 

 
 

Audit and Compliance Reviews

3Shape conducts regular audits and compliance reviews to ensure adherence to industry standards and regulatory requirements. These reviews involve thorough assessments of 3Shape's security measures, policies, and procedures to identify any gaps or non-compliance issues. Any findings are proactively communicated to data owners, and remedial measures are implemented promptly.

 
 

Third Party Management

3Shape manages third-party involvement by selecting and overseeing external partners and vendors who have access to our systems or handle personal data. 3Shape implements strict compliance review processes to assess third-party security practices and ensure they comply with 3Shape's standards and regulatory requirements.

 
 

If you did not find the answers to your questions on this page or need more information about the security of personal data in 3Shape's products and services, please contact us at dpo@3Shape.com.
