Security Statement (18 November 2020)

Enterprise-grade security to ensure your data is protected at all times.
GoodHuman’s security infrastructure has been developed from inception to protect your organisation’s most important asset, your data.

We build security into every aspect of our product and processes, without sacrificing usability, so you can get the most value out of GoodHuman and stay focussed on creating magical experiences for your customers.

GoodHuman’s industry-leading security program is based on an absolute commitment to securing your organisation’s data at every layer. As part of this commitment, GoodHuman is fully compliant with leading certifications that are broadly recognised as defining the security standards across multiple geographies. These include but are not limited to:

  • HIPAA (US)
  • ISO27001 (AU)

These industry standards address the protection of consumer data across Australia and the US and are accepted as the established guidelines for industry best practice. Each has a different focus, but they share some common themes. These relate to:

  • Strict adherence to consumer consent while acquiring their personal details. Organisations can no longer use sneaky opt-out strategies that assume consumers’ consent by default.

  • Right to be forgotten – healthcare providers can no longer hold patient data indefinitely and must delete this information permanently upon request.

  • High security storage – it is mandatory for healthcare service providers to deploy adequate security, encryption, pseudonymisation, redundancy and intrusion detection mechanisms in order to ensure that consumer data is not compromised in any way.

To meet these standards GoodHuman must have physical, network and process security measures in place that drive the way in which we build our tools, manage processes and make decisions. Beyond meeting industry standards, GoodHuman’s security approach focuses on security governance, risk management and compliance.

GoodHuman includes a robust set of security and data protection product features that give you the control, visibility and flexibility that you need to manage all your security challenges, without compromising agility. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging, alerting and more. A summary of our areas of focus and approach includes:

1. Identity Management

Securing your information starts with identity controls, no matter where your users are located. GoodHuman allows you to manage users, streamline authentication and assign roles and permissions. We give you solutions to ensure that only the right people can access your company’s information. Identity and access controls include:

  • Single sign-on (SSO)
  • Custom session duration
  • Two-factor authentication
  • User provisioning

2. Data Protection

By default, GoodHuman encrypts data at rest and in transit as part of our foundational security controls. We also provide tools that give you even further visibility and control. These include:

  • Enterprise Key Management (EKM)
  • Data Loss Prevention (DLP)
  • Audit logs
  • App and integration management

3. Information Governance

Every company needs an ongoing strategy to reduce the risk of compromised data, and there’s no one-size-fits-all approach. GoodHuman offers governance and risk-management capabilities that are flexible enough to meet your organisation’s needs, no matter what they are. These include:

  • Retention policies
  • eDiscovery
  • Exports (standard/corporate)
  • Custom terms of service (TOS)