Safeguards for 3Shape Lab Management Software (LMS)
11/02/2025
3Shape has implemented a range of best practice processes and industry-standard safeguards to protect personal data in its products and services. The security measures for 3Shape Lab Management Software (LMS) are divided into two categories: organizational and technical. Detailed information on these safeguards is provided below:
Technical security measures
Access controls
3Shape enforces strict access controls across its services. LMS users authenticate through 3Shape Account, which manages authentication methods and strength via its Single Sign-On system. Lab administrators can control access to specific LMS features for individual users, ensuring secure and role-based management of permissions.
Data Encryption & Data Loss
3Shape prioritizes data security and always encrypts data in transit to protect confidentiality and integrity. The LMS is a web-based platform that runs in a browser, with all data transmission secured through HTTPS encryption. This ensures that information remains protected and unreadable to unauthorized parties, even if intercepted.
Logging and Auditing
3Shape ensures transparency and security through comprehensive logging and auditing. The LMS maintains an event log that records significant changes, creating a detailed audit trail. This enables monitoring of system activities, supports compliance requirements, and helps detect any unauthorized modifications.
Intrusion Detection and Prevention
3Shape implements robust security measures to protect against potential threats. Various logging and alerting systems are in place to detect and respond to intrusion attempts in real time. Additionally, strict access controls serve as the primary method of intrusion prevention, ensuring that only authorized users can access LMS resources.
Firewalls
3Shape employs multiple layers of security to protect LMS data and infrastructure, including network protections such as firewalls, which help prevent unauthorized access and safeguard against potential threats.
Secure Coding Practices
3Shape follows strict secure coding practices to ensure the security and reliability of LMS. Every code update undergoes a thorough peer review by another developer to identify and mitigate potential security risks before testing and release. This process helps maintain high security standards and software integrity.
Backup and Recovery
3Shape ensures data protection through continuous and automated backups of all data stored in the LMS. These backups support data integrity, enable recovery in case of unexpected incidents, and help maintain business continuity.
Network Segmentation
3Shape enhances security through network segmentation, ensuring that LMS cloud services communicate within isolated virtual private networks. These networks are separated from the internet and other 3Shape cloud services, reducing exposure to external threats and enhancing data protection.
Vulnerability Management
The LMS undergoes regular vulnerability assessments, including both internal and external penetration testing. These ongoing evaluations help identify and address potential security risks, ensuring the system remains resilient against threats.
Cloud Security Controls
3Shape implements strict cloud security controls to protect LMS resources and data. Access is limited to authorized 3Shape personnel who require it for maintaining and improving the services, ensuring a secure and controlled environment.
Organizational security measures
3Shape's organizational security measures
Policies for information & personal data security
3Shape prioritizes the security and privacy of information and personal data. We have implemented comprehensive policies (including Information Security Policy, Data Protection Policy, Access Control Policy, Back-up Policy, Acceptable Use Policy, Retention Policy, etc.) that govern how information and personal data are handled and protected, to ensure that they are secure and processed in compliance with the highest industry standards and regulations, especially GDPR and HIPAA.
Roles and responsibilities management
3Shape has implemented comprehensive roles and responsibilities management, which ensures that all roles related to the processing of information and personal data are clearly defined and assigned within our organization. This also includes the appointment of a Data Protection Officer (DPO) who plays a key role in ensuring that 3Shape complies with data protection laws and practices.
Risk Management
3Shape has implemented procedures that mandate regular risk assessments to identify and address any security vulnerabilities. Additionally, 3Shape assesses the risks of its activities on the privacy of data subjects when processing personal data.
Employee Training and Awareness Programs
3Shape prioritizes employee education and training in protecting information and personal data through mandatory regular training and various programs and campaigns to increase information security awareness.
Confidentiality of personnel and other people with access to customer information and personal data
3Shape ensures that all personnel and any other individuals who have access to customer information and personal data maintain confidentiality. Confidentiality clauses in employment contracts, separate NDAs, and security policies are in place to govern the handling of information and personal data.
Data Classification
3Shape categorizes and labels data based on its confidentiality and business importance. This process allows for obtaining an appropriate level of security for individual categories of data, particularly for sensitive data (such as patient health data).
Incident Response Plan (IRP)
3Shape has developed a comprehensive Incident Response Plan (IRP) to quickly and efficiently address any security incidents or data breaches. This plan outlines the steps which must be taken from the initial detection of an incident through to resolution and post-incident analysis. It ensures that 3Shape can contain threats, minimize damage, and recover operations with minimal disruption.
Disaster Recovery & Business Continuity Plans
3Shape maintains disaster recovery and business continuity plans and processes to ensure the continuation of services and effective recovery. These plans are regularly tested to ensure their accuracy and efficiency in the event of an emergency.
Change Management Procedures
3Shape has established procedures for managing changes to systems, software, and configurations. These protocols ensure that any modifications undergo thorough planning, documentation, review, and implementation.
Audit and Compliance Reviews
3Shape conducts regular audits and compliance reviews to ensure adherence to industry standards and regulatory requirements. These reviews involve thorough assessments of 3Shape's security measures, policies, and procedures to identify any gaps or non-compliance issues. Any findings are proactively communicated to data owners, and remedial measures are implemented promptly.
Third Party Management
3Shape manages third-party involvement by selecting and overseeing external partners and vendors who have access to our systems or handle personal data. 3Shape implements strict compliance review processes to assess third-party security practices and ensure they comply with 3Shape's standards and regulatory requirements.
If you did not find the answers to your questions on this page or need more information about the security of personal data in 3Shape's products and services, please contact us at dpo@3Shape.com.