Data Protection laws impose strict requirements

Check which are the compliance requirements defined by EU/GDPR and US/HIPAA

Physical

Requirements related to your hosting environment and infrastructure.

Facility protection VM Security Firewalls Storage Backups

And many more

Technical

What you need to design, implement, and document to ensure compliance.

Data encryption Authentication Audit Logs Access Control Consent Tracking

And many more

Administrative

Documentation, policies, privacy risk assessments and legal tasks.

And many more

Check how Chino.io solves compliance tasks for you

{{internal_step}}

Physical Technical Admin

You: start building your App

Step 1: start building your App

Choose a development framework and a compliant cloud

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

You: Sign-up to Chino.io

Step 2: sign-up to Chino.io

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

You: send a document

Step 3: send a document via Chino.io API

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

Chino.io: authentication & authorization

Step 4: Chino.io performs authentication & authorization

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.
Chino.io checks your identity and your access control policies (permissions).

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

Chino.io: encryption and indexing

Step 5: Chino.io encrypts and indexes the data for search

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.
Chino.io checks your identity and your access control policies (permissions).
Chino.io indexes your document for search operations before storing it encrypted.

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

Chino.io: data, keys, and index storage

Step 6: Chino.io stores securely your data, keys, and indexes

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.
Chino.io checks your identity and your access control policies (permissions).
Chino.io indexes your document for search operations before storing it encrypted.
Chino.io stores securely your document, keys and the index.

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

Chino.io: result returned (in milliseconds)

Step 7: Chino.io returns the result (in milliseconds)

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.
Chino.io checks your identity and your access control policies (permissions).
Chino.io indexes your document for search operations before storing it encrypted.
Chino.io stores securely your document, keys and the index.
Chino.io securely returns the document-id to you.

Physical

Technical

Administrative

{{internal_step}}

Physical Technical Admin

You: get the Chino.io documentation

Step 7: get the Chino.io compliance documentation and checklists

Choose a development framework and a compliant cloud.
Get the Chino.io API keys and the SDK for your framework.
Use your dev framework to send a document to Chino.io with 1 API call.
Chino.io checks your identity and your access control policies (permissions).
Chino.io indexes your document for search operations before storing it encrypted.
Chino.io stores securely your document, keys and the index.
Chino.io securely returns the document-id to you.
Once developed, Chino.io provides you with the compliance documentation and checklists.

Physical

Technical

Administrative

Chino.io main security & compliance features

Sensitive data security is provided by Chino.io APIs

Encryption

Record level encryption with AES-256 and HTTPS/TLS for transmission. Secure indexing and tokenization for search operations. Encryption keys (for each user) managed according to HSM standards.

With Chino.io you can use any programming language to develop your compliant Health App

Access control

Flexible and granular access control policies to define access rights for single users (or groups of users) to single documents (or collections of documents).

Gain trustability thanks to our API for Health Applications

Immutable audit logs

Legally valid immutable logging system. Tracking of who accesses data, when it was accessed, and from where. Logs contain enough information in case of legal disputes, without violating users' privacy.

Compliance requirements

Consent tracking via the API and available in the Console, Right to be Forgotten (RTBF) via API and encryption key deletion, data portability via API and Console using JSON data encoding.

API security & monitoring

Constant (24/07) security monitoring of the API status, attacks, and anomalies in the system. State of the art standards for API security, and constant updates of tools, plugins and libraries.

Backups

Daily incremental backups stored encrypted with AES-256 in two separate physical locations. Weekly backup history, plus four backups for the current month and one backup for each month for 6 months.

Check our Security White Paper for more info

The service that decode security & compliance for you

Encryption

Each API call uses HTTPS/TLS to protect data transfers, while all documents at rest are encrypted using AES-256. Each user has different encryption keys, stored on different locations.

Access Control

Flexible and granular access control policies can be setup via the API to define access rights for single users or groups of users to single documents or collections of documents.

Backups

Daily incremental backups of all data. Backups are encrypted using AES-256 algorithms and transferred to a different physical location.

Audit log

Control who accesses your data, when it was accessed, and from where. Logs are legally valid and non-modifiable.

API security

We provide one-per-customer physical server (or more) at your service. We provide only the state of the art in terms of security and power.

Intrusion detection

Constant (24/07) security monitoring of API behavior, attacks, and any anomaly in the system. Technology partially developed also in the C3ISP EU innovation project.

Certified even for medical grade software

Certified ISO 9001

The Chino.io ISO 9001 certification means that Chino.io established, maintains and improves constantly the organizational structure, responsibilities, procedures, processes, and resources to consistently satisfy ISO 9001 quality requirements. ISO 9001 is a necessary certificate for all service providers in the medical context where end products (medical devices or software) must be ISO 13485 certified. Download the certificate here.

Certified ISO 27001

ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Chino.io implements all controls and constantly improves its Security Management System, exceeding the requirements and keeping its services always at state of the art level in terms of security best practices. Download the certificate here.

Data Protection laws impose strict requirements

Check which are the compliance requirements defined by EU/GDPR and US/HIPAA

Check how Chino.io solves compliance tasks for you

You: start building your App

Step 1: start building your App

You: Sign-up to Chino.io

Step 2: sign-up to Chino.io

You: send a document

Step 3: send a document via Chino.io API

Chino.io: authentication & authorization

Step 4: Chino.io performs authentication & authorization

Chino.io: encryption and indexing

Step 5: Chino.io encrypts and indexes the data for search

Chino.io: data, keys, and index storage

Step 6: Chino.io stores securely your data, keys, and indexes

Chino.io: result returned (in milliseconds)

Step 7: Chino.io returns the result (in milliseconds)

You: get the Chino.io documentation

Step 7: get the Chino.io compliance documentation and checklists

Administrative requirements: filling the gap.

Chino.io provides much more guarantees than typical clouds

Chino.io main security & compliance features

Encryption

Access control

Immutable audit logs

Compliance requirements

API security & monitoring

Backups

The service that decode security & compliance for you

Certified even for medical grade software

Certified ISO 9001

Certified ISO 27001

Ready to start?

Merry Christmas: Summary of Chino.io in 2018

Chino.io - The first ISO 13485 certified Database as a Service (DBaaS) for Medical Data

Interview with Chino.io CTO Stefano about cybersecurity