Security FAQs

1. Who owns the data that I, the data controller, input into Socrates?

You are the data controller in respect of the data that you input into your Socrates practice management system. You decide the method and purpose of processing personal data.

The software rights in the software and database rights and underling database schema are Clanwilliam’s intellectual property.

The use of Socrates is subject to the terms outlined in the End User License Agreement (EULA) provided by the software.

2. Does Clanwilliam access my patient’s personal data without my knowledge?

No. Clanwilliam is a data processor, processing personal data on behalf of you, the data controller. Clanwilliam only processes personal data in accordance with the terms of the data processing agreement (DPA). https://clanwilliamhealth.com/socrates-tcs/

3. Does Clanwilliam sell my patient data?

No.

We do not sell, share or otherwise distribute personal data.

4. Where is my practice data stored?

Your Socrates practice data is stored by you, locally, on a server at your practice, unless you have chosen to use our secure cloud hosted solution.

If you use our off-site online backup service there will be a backup copy stored offsite which is encrypted, in accordance with our Data Processing Agreement (DPA).

If you are a Pippo user, your Pippo data is stored on the secure AWS platform.

5. Can I access my data?

Yes. Your Socrates practice management systems provide you with access to your data. Our software facilitates reporting of your data within the software. In accordance with the GDPR and our Data Processing Agreement (DPA), at the end of our agreement to use the software, you are entitled to request the return of or destruction of your data.

6. What steps does Clanwilliam take to protect privacy?

Our highest priority is the security and integrity of our software. Clanwilliam implements rigorous contractual, technical, and organisational measures to protect its confidentiality, integrity, and availability of data. Clanwilliam adheres to a strict Information Security Framework in accordance with ISO27001 standards.

7. Does Clanwilliam conduct security assessments and penetration tests to safeguard its software against new cyber threats?

Yes, Clanwilliam conducts annual third-party independent web application and penetration testing. Vulnerability assessments are conducted at least quarterly on all Clanwilliam’s hosted systems.

For on-premise applications, we are continually improving our software security posture, working closely with our partners and Microsoft to provide regular version and security updates to our clinical system users.

8. How do third party applications interact with Clanwilliam?

Interoperability is a key feature of the Socrates product offering. Our practice management software connects seamlessly and securely with a myriad of other healthcare software systems and platforms such as the HSE, ICGP, Billink, Keep it Safe, in order to deliver useful functionality to GP practices.

Clanwilliam welcomes and actively facilitates the creation of a more integrated and interoperable e-health ecosystem.  At the same time, we are extremely conscious of the need to ensure full compliance with data protection law.

All partner integrations are facilitated through our Clanwiliam Connect Partnership Programme, facilitating secure interoperability with our systems.

9. Who should I contact if I have any questions regarding your data or data protection?

A copy of your licence agreement (incorporating the DPA) is available at https://clanwilliamhealth.com/socrates-tcs/

Customer services: customersupport@clanwilliamhealth

Sales: sales@clanwilliamhealth

Legal: legal@clanwilliamgroup.com