Chief Information Security Officer (CISO) Davy Cox shares what it means to have a “safety first” culture and how Doctena became an ISO 27001-certified company in January 2023
As the Chief Information Security Officer at Doctena, Davy Cox has a multifaceted role as a gatekeeper. His mission is to help deliver top-quality healthcare services while upholding strict data protection standards.
How would you describe your role at Doctena?
On a daily basis, my primary focus is to create and implement strategies designed to defend our information systems against any potential cyber threats, while also ensuring that our digital information remains accessible to those who need it when they need it. Therefore, it is essential to guide all the teams to better understand the role they play in our security framework. Not to forget our biggest responsibility, which is safeguarding Doctena’s most valuable asset – our data.
What does it mean to have a “security by design and default” culture and how does it apply to Doctena?
Having a “security by design and default” culture, we emphasise proactive security measures across all levels of the organisation. We integrate privacy and security considerations from project inception, addressing potential vulnerabilities early on. Education is paramount, as we empower all staff to understand security’s importance and encourage reporting of potential issues. We recognise that everyone, regardless of access levels, plays a role in maintaining security and protecting the company’s future.
How would you describe the company culture at Doctena? What values and principles do you believe set the organisation apart from others in the industry?
Doctena’s strength lies in the personal connections I establish with each employee, fostering motivation and respect. Our heightened security awareness is a testament to our training and employees’ understanding of their roles. These values and principles set us apart and make Doctena more than just a company – they make us a community, a group of people collectively working towards providing the best services possible while ensuring that the privacy and security of our patients and employees are always protected.
In January 2023, Doctena reached a key milestone by becoming an ISO 27001-certified company. What does this certification mean?
Doctena received the ISO 27001 certification in January 2023. It represents the culmination of years of dedicated effort. ISO 27001 is an internationally recognized standard for managing risks to the security of information we hold. This certification is a testament to our commitment to maintaining the highest level of data security and integrity. Our security management processes have been independently evaluated and verified against a globally recognized standard. Now, we need to continue our efforts to maintain and constantly improve our security posture, ensuring that we stay ahead of evolving threats and vulnerabilities. This ongoing commitment forms the foundation of our security culture at Doctena.
What do we do to make sure to keep customers’ and patients’ data safe?
In order to keep our patients’ and customers’ data safe, we take a comprehensive approach to data protection. We enforce proper access control, use data encryption, and ensure high availability of the data and applications with continuous monitoring and alerting to detect abnormalities. Multi-layered firewalls and incident response processes defend against attacks. We continually review and improve procedures, conduct external audits, and have comprehensive contractual policies with staff, consultants, and suppliers. This approach builds customer and patient trust in our services.
At Doctena, we understand that transitioning to cloud systems can be daunting. However, rest assured that we prioritise the security and privacy of your data. Our cloud solution is equipped with sophisticated security capabilities, and we are committed to leveraging the best technologies available to protect your valuable data assets. If customers have any concerns or questions about our cloud-based security, I’m here to provide clarification and reassurance.
What is the most rewarding part of your job?
My role as Chief Information Security Officer is ever-evolving and engaging. Each day presents new challenges and puzzles to solve, making it rewarding and never boring. Witnessing security breaches in other organisations reinforces the critical importance of our work in safeguarding our systems and customer/patient data. Perhaps the most gratifying aspect, however, is the level of respect and understanding I receive from my colleagues and management. Security is often viewed as a burden in many organisations, but at Doctena, it’s seen as an integral part of our operations. The team understands why we take the measures we do and respects the necessary steps to ensure security. This supportive environment not only makes my job easier but also serves as a testament to the strong security culture we’ve built at Doctena.