Access to Client Information

Customers of many firms suffer identity theft and unauthorized access to their information. Protecting customer information must be a top priority for any business today. It is therefore vital for our company to implement policies and guidelines that keep our customers' information safe and in good hands.

We at Floral Clinic Physiotherapy Service implement our own information security policy and ensure that methods and guidelines are in place with the main objective of preventing unauthorized access to, sharing of, or distribution of our customers' information.

We use MS Access to store client information locally. Collection of information is kept to a minimum: only required information such as name, contact details, address and health information may be collected from the client. Only authorized employees can access the database, and only from the single computer at the office.

Our policy and guidelines apply to staff at all levels and locations and must be followed at all times. Everyone working with us, including our suppliers and clients, is trained on the policy and informed of updates to it. The main points are listed below:

  1. Access to client information is limited to employees who require it to perform their job duties. Everyone is required to sign a Non-Disclosure Agreement before accessing customer information. A procedure must be in place for withdrawing access privileges on the day employment ends, whether by resignation or dismissal.
  2. Gather only the information we need to conduct business with customers. Gathering unnecessary information from the customer is avoided.
  3. Encrypt the database with an industry-standard encryption tool, and use an encrypted connection to the online booking system. Generation, distribution, storage and destruction of encryption keys must be managed by a designated owner in management, so that a lost or leaked key is noticed and can be replaced.
  4. Maintain strong passwords for login to the database and to backups. Password requirements are determined by the sensitivity and classification of the data and the systems to which access is given. Where possible, a password is combined with another control, such as the operating-system login on the office computer or a second factor, so that no single credential grants access on its own.
  5. Use antivirus and other security tools such as a firewall and email filtering. All software must be updated regularly so that the latest security patches are applied.
  6. Use established, reputable payment gateways in the online booking system so that card details are handled by the gateway and never stored on our own systems.
  7. Study and analyze how information flows through our systems and perform a risk assessment. Understand the chain of events that occurs within the system when a client record is created, used or shared.
  8. Keep offline backups, stored on media that is disconnected from the network when not in use, rather than relying on cloud storage alone. Cloud storage is not inherently insecure, but a misconfigured account or a leaked credential can expose every copy at once, whereas an offline copy cannot be reached by ransomware or by an attacker who compromises the office computer.
  9. Run only trusted applications and keep networks logically separated. Avoid connecting to unprotected public networks.
  10. Dispose of paper and electronic waste properly. Electronic data must be carefully disposed of: moving files such as emails and documents to the trash bin, or even emptying it, does not permanently delete the data. Files containing client information must be securely erased, or the storage media destroyed, before disposal.
  11. Physical drives and backups must be locked away from unauthorized access. Physical security, including doors, windows, alarms and video surveillance, must be in place.

Our clients are our biggest priority and these guidelines drive our everyday actions. We are firm in our commitment to following them at all times. We care for our clients and their information and keep up with emerging technologies and developments to ensure everything is safe, secure and fast.