Safety on the move with Compassana 

How the Compassana Cloud safeguards your medical data 

Peter Ebenhoch

19. October 2023

Data protection: Compassana transfers the onion principle familiar from clothing to the digital health world.
Data protection: Compassana transfers the onion principle familiar from clothing to the digital health world. (Photo: Eric Sandmann)

It's autumn and hiking fans will be familiar with the “onion” principle, i.e. the smart combination of several layers of clothing so they are best prepared no matter what the weather throws at them. 
  
Compassana applies a kind of “digital onion principle” to safeguard your personal medical data no matter what happens and to ensure that you and your trusted health care specialists have access to it. 
  
Having the data stored near Zurich, Switzerland in a high-security data centre is a key prerequisite for guaranteeing confidentiality, integrity and accessibility.  
  
However, on its own, a waterproof jacket is not enough to withstand all kinds of weather, even when hiking: it makes good sense to use layers of clothing with carefully selected permeable fabrics that regulate temperature well and allow moisture to escape even if they are waterproof.  
  
In a similar way, Compassana applies technical components such as service meshes, web application firewalls, security incident event management and identity management to maintain active control over who has access to what information and who most definitely does not, while ensuring that communication and data exchange are possible without compromising security. 
  
As with high-security banking systems – and following the onion principle – multiple layers of security controls are integrated in the system (“security-in-depth”). This means that your medical data is especially well protected thanks to “on rest” and “on transit” encryption at the time of transfer. 
  
However, it is not enough to gain trust and security using technical measures alone. That’s why our skilled Compassana support and service team is on hand to provide you with an uninterrupted service and support at all times of the day and night. 
  
Our information security programme involves Swiss cybersecurity professionals carrying out regular and independent cyber threat modelling and security tests on our behalf to verify that our services do actually meet our high standards.   
  
And most importantly, our cloud provider Microsoft, and therefore the Compassana ecosystem, also conforms to the requirements laid down in the EU Cloud Code of Conduct, an international set of specifications that ensure cloud computing is secure and complies with data protection regulations.