Xenplate is a secure mobilization platform; it was designed from scratch to provide safe and secure working in a distributed mobile environment. Everything is encrypted end to end with the same level of security as that used by your bank (AES256). The Xenplate mobile device apps create an encrypted environment on your device and all data is encrypted as it is recorded. Viewing records is performed directly from the encrypted data so that your devices are safe even if lost. Security may not be your highest concern but it makes no sense using an insecure system when Xenplate provides peace of mind and conformance out of the box.
You do not need to understand Xenplate's security model to use it as it is always on, and works in the background. L2S2 is ISO 27001 accredited (BSI) and is IG Toolkit Level 3. Our servers, mobile device apps and procedures have been independently verified by the NHS and we are approved to operate front-line patient systems that contain full personal information (PID). We handle millions of records for the NHS each year and manage our software remotely in approximately fifty NHS Hospital Trusts.
The Xenplate mobile apps and web access support a variety of authentication methods, ranging from simple 'instant on' to full multi-factor authentication.
In low mode authentication, the mobile device remembers the initial key and PIN of the user and logs in automatically as soon as the app is run. This mode is useful when the mobile device has an alternative login such as a user PIN and Xenplate is used with simple content that doesn't require additional user authentication.
In medium mode, the user authenticates on a new device they must enter a security key as in low mode, but thereafter, each time Xenplate is started the user will just have to enter their username and PIN.
In rigorous mode, the user has to present a personal security key and PIN each time Xenplate requires login. This mode is appropriate for medical and other applications that must protect user identifiable data.
Multi-factor security is available for web access; this requires the user to enter a username, password and unique four character PIN supplied by an authentication device (can be mobile phone). The authentication key is changed every three seconds. This mode of web protection should be used in private health applications and other applications that demand high security.
L2S2 have a Caldicott Guardian and governance team who are able to offer assistance to medical customers who are considering mobile data applications.