There are a few key components when it comes to assessing Cliniko's security. Read on for further details!
Annual Security Assessment
We engage security consultancies to conduct formal security assessments of Cliniko. Each assessment is conducted over a few weeks, and its scope is a penetration test, a source code review and a network perimeter assessment.
The security assessment is conducted annually, and a Letter of Assessment is available to view and download here.
Bug Bounty Program
We run a bug bounty program that encourages independent security researchers to responsibly disclose any vulnerabilities they find within Cliniko, in return for a bounty.
The bug bounty program complements our formal security assessment: it is always active and covers a large part of Cliniko. It also allows us to respond to and resolve potential bugs before they can be exploited.
Vendor Assessment Questionnaire
We have chosen the Cloud Security Alliance's Consensus Assessments Initiative Questionnaire (CAIQ) Lite as our standard vendor assessment response. The CAIQ-Lite is a concise series of yes or no questions that correspond to the security controls we have in place for Cliniko. We've also added comments to give additional context around some of the questions.
Cliniko's CAIQ-Lite is available to view and download here.
If you have any questions about security, please don't hesitate to contact us! Click the little "chat bubble" in the lower right-hand corner, and we can answer any questions you have. 🙂 💬 Alternatively, you can email us on firstname.lastname@example.org.