The Mirro platform has been developed for people who want to work on their mental health.
They may expect that the security of their data is arranged at a high level. Below is a summary of the measures taken by Mirro Foundation to meet these requirements.
Hosting & data storage
Both the Mirro platform and the associated data are hosted at KPN Interned Services. Information about their security policy and the relevant certificates can be found at https://www.kpn.com/business/security.htm.
All customer data is processed and stored within the European Economic Area (EEA),
All customer data is backed up at least once a day and stored outside the data center at two different KPN/Argeweb locations in the Netherlands.
Passwords and data within the modules are stored hashed: instead of plain text, it is converted into code with a hash. Unlike the encryption method, the code cannot be converted into the original data. In this way, all user data is more secure from hacker attacks.
Access security
Access to the Mirro platform (and all applications available within it) for users is done using a web browser via a connection that is secured with SSL encryption.
Access for application managers and developers to the application's database always runs through the local office network of NewHealth/Ortec. Users must be physically present at the office or log in via a VPN connection.
Access for development and maintenance is limited to specific, authorized individuals, whose system activities are logged and monitored.
All user accounts are protected by a password that must contain upper and lower case letters, numbers and special characters. This is enforced by the system.
Two-step authentication is optionally available for all users, and mandatory for all employees of NewHealth and Mirro Foundation.
Interfaces with customer systems (for example, for a Single Sign On from the customer's intranet) and third parties use SAML 2.0, OpenID or OAUTH2 authentication. They use internet connections with SSL encryption or direct one-to-one connections within the data center.
Safety management
The information security management system (ISMS) of NewHealth and Mirro Foundation is NEN7510 certified by Lloyd's Register certifications:
'Developing and managing E-Health SaaS solutions and online modules, the connection to related systems such as an Electronic Health Record (EHR), as well as the provision of services in relation to our products, all in accordance with the Declaration of Applicability of the NewHealth Group, version 3.0, dated 18-03-2021. Hosting and network management are outsourced'.
The last audit took place in April 2022.
Safety tests
The Mirro platform is regularly subjected to penetration tests, both gray and black box tests. Our current testing partner is Onvio Information Security (www.onvio.nl).
Laws and regulations
NewHealth and Mirro Foundation act in accordance with the General Data Protection Regulation (GDPR).
All NewHealth and Mirro Foundation employees and all hired workers are bound to secrecy of all customer data by means of a non-disclosure agreement,
Where applicable, a Processing Agreement has also been concluded with all subcontractors, in accordance with the AVG regulation.
More information?
Do you have additional questions? Send an e-mail with your questions to helpdesk@mirro.nl. Or ask your question via the contact form within the application. We will then contact you.
Mirro Foundation does everything it can to protect your data.
You can read how we have arranged this in the data protection policy.
Was dit artikel nuttig?
Dat is fantastisch!
Hartelijk dank voor uw beoordeling
Sorry dat we u niet konden helpen
Hartelijk dank voor uw beoordeling
Feedback verzonden
We stellen uw moeite op prijs en zullen proberen het artikel te verbeteren