SECURITY & TRUST

Security and Compliance

SelNexa Health applies defense-in-depth controls for organizational data and SelNexa Health Platform workflows, with governance aligned to Zimbabwe data protection obligations including authority and affected-individual breach notification timelines.

Encryption Practices

  • Data in transit: TLS-secured channels for all external data exchange.
  • Data at rest: AES-256 encryption for stored clinical records and backups.
  • Integrity: Tamper-evident audit trails for critical record history.

Access Control & Audit Logging

  • Role-based access control with least-privilege defaults.
  • Consent-aware sharing for patient-authorized record access.
  • Comprehensive activity trails for account, record, and policy events.

Data Governance

  • Data-controller governance designed for Zimbabwe licensing and DPO operating requirements.
  • Breach workflow includes 24-hour authority notification readiness and 72-hour affected-individual notifications in high-risk cases.
  • Transborder data-transfer controls apply adequate-protection checks and documented approval gates.

Compliance and trust signals

Certified / active controls

  • SSL/TLS encryption
  • RBAC + Audit Trails
  • 24h Authority Notice Readiness
  • 72h High-Risk Notice Workflow
  • WCAG 2.1 AA accessibility baseline

These controls are active in current deployments and reviewed in operating governance cycles.

In progress

  • ISO/IEC 27001 readiness program
  • SOC 2 controls mapping
  • SI 155 DPO & licensing onboarding

Programs listed as in progress are under documented implementation and external readiness preparation.

Planned

  • Formal third-party control attestation pack
  • Regional compliance addendum library

Planned items are roadmap commitments and are published with status updates as evidence becomes available.
