Updated 29.09.2025

1. Confidentiality

1.1 Physical Access Control

The purpose of the physical access control in place is to prevent unauthorized access to facilities where personal data is processed.

The Service uses Microsoft Azure as its cloud computing platform.  Azure data centers are managed by Microsoft, which adheres to security best practices and holds relevant certifications.  Access to Azure data centers is managed and controlled by Microsoft. 

Physical security measures in place at Azure data centers include:

  • Perimeters are encompassed by steel and concrete fencing.  Bollards and other measures protect data center exteriors from potential threats, including unauthorized access
  • Guards perform exterior and interior surveillance with closed circuit television (“CCTV”) cameras
  • Security guard patrols ensure entry and exit are restricted to designated areas
  • Entrance is restricted to those with valid business justification.  All requests are approved by Microsoft employees.  Permissions are limited to a certain period and then expire
  • After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification
  • Visitors may be allowed temporary access and must be escorted.  Escorted visitors do not have any access levels granted to them and can only travel on the access of their escorts
  • Individuals must pass two-factor authentication with biometrics to move through the data center
  • Individuals entering the data center floor are required to pass a full body metal detection screening on both entrance and exit
  • Only approved devices are allowed on the data center floor

Physical security measures in place at Dentsply Sirona facilities include:

  • Video surveillance covers the exterior of the facility
  • Security employees protect facility premises
  • Access to facilities is given either through personalized, electronic company ID cards or registration at reception/plant security.  Access rights to certain buildings/rooms/times are granted individually according to the assignment of tasks
  • Visitors register at the reception/plant security and are then picked up and accompanied by their Dentsply Sirona host for the entirety of their visit
  • Sensitive areas and safety zones are secured by electronic access control systems.
  • IT rooms are secured by video surveillance and intrusion detection systems

1.2 Electronic Access Control

The purpose of the electronic access control is to prevent unauthorized access to systems that process personal data.

The following security measures are in place:

  • Users are authenticated using username and password.  No anonymous access is possible
  • Passwords must meet minimum requirements as defined by Dentsply Sirona IT department
  • Passwords must be renewed periodically
  • Individual authorization is regulated through personal user accounts as well as AD security groups
  • Firewalls are in place
  • Hardware used by Dentsply Sirona customer support is secured using passwords, conditional access and disk encryption.  Multi-factor authentication is required for external access

1.3 Internal Access Control

The purpose of internal access control is to ensure that persons who use systems where personal data is stored only have access to the parts of the system they need for the fulfillment of their duties.

The following security measures are in place:

  • Access rights are based on roles, following the “least privilege” principle
  • System access rights are reviewed regularly

1.4 Isolation Control

The purpose of the isolation control is to ensure that data collected for different purposes can be processed separately.

The following security measures are in place:

  • Practitioners are assigned to practices.  Practitioners can create orders for patients of that practice, but not patients of other practices
  • Production systems are separated from development and test systems

1.5 Pseudonymisation and Anonymization

The purpose of pseudonymisation is to protect the personal data by ensuring that the personal data cannot be associated with a specific data subject without the assistance of additional information.

The following security measures are in place:

  • Dentsply Sirona has implemented "Privacy-by-Design" and "Privacy-by-Default" within internally developed systems
  • Our business partners (dentists, dental laboratories, etc.) can provide health data using an order reference only.  Instructions for the order reference field ask the business partner not to use the patient name as the reference
  • Internal instructions to anonymize or pseudonymize health data whenever appropriate have been issued

2. Integrity

2.1 Data Transfer Control

The purpose of the data transfer control is to ensure that personal data cannot be read, copied, changed or deleted in an unauthorized way during an electronic transfer, physical transportation or storage on a data storage medium.

The following security measures are in place:

  • All data in transit is encrypted using TLS 1.2+.
  • Data at rest is encrypted with Advanced Encryption Standard (“AES-256”).

2.2 Data Entry Control

The purpose of the data entry control is to verify retroactively whether and by whom personal data was entered, changed, or deleted from a data processing system.

The following security measures are in place:

  • Order history is retained.  Users can view orders they made in the past

3. Availability and Resilience

3.1 Availability Control

The purpose of the availability control is to ensure that personal data is protected against accidental destruction or loss. 

The following security measures are in place, using functionality available from Azure, the cloud hosting provider for the Simplant and AWO systems:

  • Azure Storage provides data redundancy to minimize disruptions to the availability of customer data.  This approach minimizes the impact of isolated storage node failures and loss of data.
  • Critical Azure components that support delivery of customer services maintain high availability through redundancy and automatic failover to another instance.  Agents on each virtual machine (“VM”) monitor the health of the VM.  If the agent fails to respond, the VM is rebooted.
  • In case of hardware failure, the instance is moved to a new hardware node, restoring the service to full availability.
  • Backup methods vary by service and include Azure Storage geo-replication, Azure SQL geo-replication, service specific backup processes, and backup to tape.  Azure manages and maintains all backup infrastructure.

3.2 Rapid Recovery

The purpose of the rapid recovery control is to ensure that in case of disruption, the stored data will be made available again as soon as possible. 

The following security measures are in place, some of which use functionality available from Azure:

  • Azure Storage provides data redundancy to minimize disruptions to the availability of customer data.  This approach minimizes the impact of isolated storage node failures and loss of data.
  • Backup methods vary by service and include Azure Storage geo-replication, Azure SQL geo-replication, service specific backup processes, and backup to tape.  Azure manages and maintains all backup infrastructure.

4. Procedures for Regular Testing, Assessment and Evaluation

4.1 Data Protection Management

The purpose of data protection management is to ensure that appropriate technical and organizational measures have been identified and implemented.

The following organizational measures are in place:

  • Dentsply Sirona has a centralized data protection organization which defines goals, duties, competencies and responsibilities regarding data privacy
  • The data protection organization consists of the Global Data Protection Officer, the global Privacy Office, Local Data Protection Officers and local Data Protection Coordinators
  • Dentsply Sirona has global Data Protection Policies and Guidelines, defining company standards such as how to handle sensitive personal data, subject access rights, data protection impact assessments (“DPIAs”), etc.
  • Dentsply Sirona employees working with Simplant and AWO undergo regular security training as part of their standard training curriculum.  This training is referred to as IT Security Management Training

4.2 Incident Response Management

The purpose of incident response management is to ensure that cybersecurity incidents are identified and responded to appropriately.

The following security measures are in place:

  • Within Azure, Microsoft has defined events, thresholds, and metrics to detect incidents and alert the associated Operations team.  The Microsoft Operations team performs monitoring, including documentation, classification, escalation, and coordination of incidents following documented procedures
  • Microsoft performs annual tests of security incident response procedures
  • Within Dentsply Sirona, an incident management framework has been established that defines roles and allocates responsibilities
  • Automated anomaly detection and alerting is in place
  • Dentsply Sirona conducts regular reviews of cybersecurity logs and systems
  • Dentsply Sirona has established a formal incident response process which includes containment, eradication, restoration, investigation, deadline monitoring, and incident reporting
  • Recurring penetration tests are used to detect vulnerabilities

4.3 Data Protection by Design and Default

The purpose of this section is to ensure that the security of personal data is considered and is the default configuration when developing new products and services. 

The following security measures are in place:

  • Assessment of all projects and products to ensure personal data is protected appropriately.
  • Execution of data privacy impact assessments for high risk processing activities.

4.4 Engaging Third Parties

The purpose of this section is to ensure that personal data, which is processed by third parties, will not be processed without clear and unambiguous contractual arrangements. 

The following security measures are in place:

  • Dentsply Sirona follows established procurement procedures and criteria, including security assessments, when selecting and onboarding new sub-processors.
  • Dentsply Sirona has an appropriate contract with each sub-processor.  For example, standard contracts meeting the requirements of Article 28 of the GDPR are used when appropriate.
  • Dentsply Sirona follows other formal procedures, such as order placement via an order form, as appropriate.