Encryption Practices
- Data in transit: TLS-secured channels for all external data exchange.
- Data at rest: AES-256 encryption for stored clinical records and backups.
- Integrity: Blockchain-backed tamper-evident ledger for critical record history.
SECURITY & TRUST
Security and Compliance
SelNexa applies defense-in-depth controls for healthcare workflows in pilot deployments, with governance aligned to Zimbabwe data protection obligations including authority and affected-individual breach notification timelines.
Access Control & Audit Logging
- Role-based access control with least-privilege defaults.
- Consent-aware sharing for patient-authorized record access.
- Comprehensive activity trails for account, record, and policy events.
Data Governance
- Data-controller governance designed for Zimbabwe licensing and DPO operating requirements.
- Breach workflow includes 24-hour authority notification readiness and 72-hour affected-individual notifications in high-risk cases.
- Transborder data-transfer controls apply adequate-protection checks and documented approval gates.
Compliance and trust signals
SSL
RBAC + Audit Trails
24h Authority Notice
72h High-Risk Notice
SI 155 DPO & Licensing
WCAG 2.1 AA
ISO/IEC 27001 (in progress)
SOC 2 (in progress)
Badges shown here indicate control alignment and operating-readiness posture. Certification and statutory onboarding status are updated as formal assessments, licensing, and DPO processes are completed.