ISO 27001 based Information Security Management System in Halodoc

ISO 27001 Sep 16, 2022

Introduction

Halodoc is a healthcare network platform that aims to simplify access to healthcare by leveraging technology and ensuring seamless and convenient access to a comprehensive health ecosystem. As a healthcare network platform, the security of Halodoc’s information system is paramount and must be managed systematically.

To improve its Information Security Management System (ISMS), Halodoc is implementing ISO 27001 as the framework for managing the confidentiality, integrity, and availability of its information systems.

What is ISO 27001

According to the International Organisation for Standardisation which publishes the standard, ISO 27001 is:

“ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organisations, regardless of type, size or nature.”

Requirements for ISO 27001 consist of 14 domains split into 114 sets of controls.

The implementation of ISO 27001 follows a PDCA approach (Plan, Do, Check, Act):

  • Plan. Identify the problems and collect useful information to evaluate security risk. Define the policies and processes that can be used to address problem root causes. Develop methods to establish continuous improvement in information security management capabilities.
  • Do. Implement the devised security policies and procedures. The implementation follows the ISO standards, but actual implementation is based on the resources available in Halodoc.
  • Check. Monitor the effectiveness of ISMS policies and controls. Evaluate tangible outcomes as well as behavioral aspects associated with the ISMS processes.
  • Act. Focus on continuous improvement. Document the results, share knowledge, and use a feedback loop to address future iterations of the PDCA model implementation of ISMS policies and controls.

Following the implementation of ISO 27001, Halodoc pursued ISO 27001 certification to confirm the implemented ISMS against the ISO 27001 standard. The certification is issued after an independent audit process by an approved certification body.

What is the benefit for Halodoc

The benefits of implementing and certifying against ISO 27001 include:

  1. Baseline for security standards
    Implementing ISO 27001 will give Halodoc a baseline against which to measure the effectiveness of its security practices.
  2. ISMS Reference
    An ISMS covers vast and various aspects of security. ISO 27001 is considered a model of an ISMS in an organisation that can be referred to as a framework.
  3. Demonstration and affirmation
    ISO 27001 certification demonstrates to Halodoc stakeholders that the implementation of the ISMS in Halodoc has complied with the requirements set in ISO 27001.

Implementing ISO 27001

Following the PDCA approach, Halodoc took the following steps:

Conclusion

In conclusion, implementing ISO 27001 and obtaining ISO 27001 certification will allow Halodoc to better manage its information security practices and demonstrate to stakeholders its compliance with international best practices in information security management.

Join Us:

We are always looking out for top engineering talent across all roles for our tech team. If challenging problems that drive a big impact enthral you, do reach out to us at careers.india@halodoc.com

About Halodoc

Halodoc is the number 1 all-around Healthcare application in Indonesia. Our mission is to simplify and bring quality healthcare across Indonesia, from Sabang to Merauke.

We connect 20,000+ doctors with patients in need through our Tele-consultation service. We partner with 1500+ pharmacies in 50 cities to bring medicine to your doorstep. We've also partnered with Indonesia's largest lab provider to provide lab home services, and to top it off we have recently launched a premium appointment service that partners with 500+ hospitals that allows patients to book a doctor appointment inside our application.

We are extremely fortunate to be trusted by our investors, such as the Bill & Melinda Gates Foundation, Singtel, UOB Ventures, Allianz, Gojek, and many more. We recently closed our Series B round and in total have raised USD$100 million for our mission.

Our team works tirelessly to make sure that we create the best healthcare solution personalised for all of our patients' needs, and we are continuously on a path to simplify healthcare for Indonesia.

Reference: ISO/IEC 27001:2013, https://www.iso.org/standard/54534.html

Timotius Toar

Information Security Specialist