Floral Clinic Physiotherapy Service- use secure data storage applies to data at rest stored in the server, external hard drives, and network-based storage area network (SAN).

• Data encryption
• Access control mechanism at each data storage device
• Protection against viruses, worms, and other data corruption threats
• Physical storage device and infrastructure security
• Enforcement and implementation of tiered storage security architecture
• Secure data storage to avoid data theft and ensure uninterrupted operations.

Floral Clinic Physiotherapy Service seeks to ensure “CIA” as below contents to avoid the vulnerabilities inherent in storage systems such as Lack of encryption, Complexity of Cloud storage, Incomplete data destruction, and Lack of physical security.

• Confidentiality ensures that the data cannot be accessed either over a network or locally by unauthorized people
• Integrity ensures that the data cannot be tampered with or changed.
Availability minimizes the risk that storage resources are deliberately destroyed or made inaccessible.

Floral Clinic Physiotherapy Service has implemented the following data security best practices:

• Our service wrote Data storage security policies for the different types of data that include details on the security measures on the storage devices used by our service.
• IT staff also be sure to change any default passwords on our service's storage devices and to enforce the use of strong passwords by users.
• IT staff need to have a secure key management system for tracking our service's encryption keys.
• Our service deployed data loss prevention (DLP) solutions by monitoring, detecting, and blocking sensitive data while in use, in motion, and at rest.
• Our service used strong network security systems that are firewalls, anti-malware protection, security gateways, intrusion detection systems, and possibly advanced analytics.
• Redundant storage data is copied onto multiple drives
• Storage managers make sure their backup systems and processes are adequate and have the same level of data security in place as primary systems.

Retention security log

Maintaining cybersecurity needs and meeting Floral Clinic Physiotherapy Service’s data compliance regulations. Maintaining a reliable security log is not only a good security posture but brings our service’s mind. Besides, keeping logs is important to keep our service safe and within compliance.

User IDs and credentials, terminal identities, system configuration changes, date and timestamp information for access to key assets, successful and failed login attempts, and activity logs of unauthorized access attempts are the important Log types of Floral Clinic Physiotherapy Service. Our service keeps audit logs, IDS (Intrusion Detection System) logs, firewall logs for a minimum of two months, and audit logs for three years.

Floral Clinic Physiotherapy Service implements Security log retention as follows:

1. Define the worth audit categories.
2. Use security monitoring software that is available for this and keeps tabs on security logs to make sure there are no cybersecurity breaches
3. Automating logs to make sure the right data is collected, and the security logs are reliable.
4. Storing redundant log data in database records and as compressed flat files.
5. Floral Clinic Physiotherapy Service uses a strong tool that responds to threats with early action, including sending alerts, logging off users, or even shutting down and restarting systems.
6. Focusing on user activity can run reports based on user activity logs, and pay special attention to accounts with privileged access while keeping watch for abnormal usage.
7. Evolve event logging monitoring.
8. Update and give a reliable report to meet the needs of related parties and provide the evidence required to show our service meets compliance.