Privacy and security
Privacy and security is critical to the quality of the service Corum Group delivers. This is best summarised in Corum Group’s privacy statement and security principles:
Reporting a vulnerability
If you find vulnerability in our products or services, please notify us immediately via Corum Support
Reporting an incident
If you become aware of the compromise of any of our products or services, please notify us immediately via Corum Support
Minimum security requirements to run ScriptARC at the pharmacies
In order to ensure ScriptARC maintains a strong security level pharmacies are recommended to maintain minimum level of security, including but not limited to:
- Encryption for data at rest;
- Proper system/network segmentation;
- The use of endpoint firewall;
- Updated antivirus;
- Documented expectations around mobile device usage;
- Password protection rules;
- Access control; and
- Users training and awareness.
We aim to be as open and transparent with our security policies as practicable to help our customers understand what we do, and how we do it. To request information on our policies please email:
In event of an incident that affects our customer’s data, we immediately notify our customers and take required actions including assigning responsibilities for managing the incident. Considering the sensitivity of the situation we do not publish documents specifying roles and responsibilities for managing the incident.
Information Security Management Program
We base our policies and security baseline on the domains defined by the Cloud Security Alliance (CSA) and Cloud Controls Matrix (CCM).
We perform on-going vulnerability and risk assessments in order to evaluate risks and monitor our infrastructures compliance against our information security baseline.
We undertake regular security awareness training for our staff to ensure security controls are followed and customer data is protected from security threats.
Segregation of duties
All our operations incorporate access controls reflective of an individual’s role, to prevent unauthorised access.
Business Continuity and Redundancy plans
Corum Group will share pre-defined parts of its Business Continuity and Redundancy plans with customers by email at request. Such a document will cover aspects as recovery times and resources required for resumption. To request information on Business Continuity and Redundancy plans, please email:
Retention Policy (Disclosing data government)
The disclosing process will observe data sensitive and data will be equally protected in transit as it is at rest.
Corum Group will sanitise all computing resources of tenant data once a customer has exited our environment.