3Shape's organizational security measures

3Shape prioritizes the security and privacy of information and personal data. We have implemented comprehensive policies that govern how information and personal data is handled and protected to ensure that it is secure and processed in compliance with the highest industry standards and regulations, especially GDPR and HIPAA (including Information Security Policy, Data Protection Policy, Access control policy, Back-up Policy, Acceptable Use Policy, Retention Policy etc.)

3Shape has implemented comprehensive roles and responsibilities management, which ensures that all roles related to the processing of information and personal data are clearly defined and assigned within our organization. This also includes the appointment of a Data Protection Officer (DPO) who plays a key role in ensuring that 3Shape complies with data protection laws and practices.

3Shape has implemented procedures that mandate regular risk assessments to identify and address any security vulnerabilities. Additionally, 3Shape assesses the risks of its activities on the privacy of data subjects when processing personal data.

3Shape prioritizes employee education and training in protecting information and personal data through mandatory regular trainings, various programs and campaigns to increase information security awareness.

3Shape ensures the confidentiality of all personnel and any other individuals who have access to customer information and personal data. Confidentiality clauses in employment contracts, separate NDA agreements, and security policies are in place to govern the handling of information and personal data.

3Shape categorizes and labels data based on its confidentiality and business importance. This process allows for obtaining an appropriate level of security for individual categories of data, particularly for sensitive data (such as patient health data).

3Shape has developed a comprehensive Incident Response Plan (IRP) to quickly and efficiently address any security incidents or data breaches. This plan outlines the steps which must be taken from the initial detection of an incident through to resolution and post-incident analysis. It ensures that 3Shape can contain threats, minimize damage, and recover operations with minimal disruption. 

3Shape maintains disaster recovery and business continuity plans and processes to ensure the continuation of services and effective recovery. These plans are regularly tested to ensure their accuracy and efficiency in the event of an emergency.

3Shape has established procedures for managing changes to systems, software, and configurations. These protocols ensure that any modifications undergo thorough planning, documentation, review, and implementation. 

3Shape conducts regular audits and compliance reviews to ensure adherence to industry standards and regulatory requirements. These reviews involve thorough assessments of 3Shape's security measures, policies, and procedures to identify any gaps or non-compliance issues. Any findings are proactively communicated to data owners, and remedial measures are implemented promptly.

3Shape manages third-party involvement by selecting and overseeing external partners and vendors who have access to our systems or handle personal data. 3Shape implements strict compliance review processes to assess third-party security practices and ensure they comply with 3Shape's standards and regulatory requirements.