Diabeasy / Admin
Caresoft Systems · super-admin
Platform security & governance

Diabeasy Platform Settings

Tenant scope: ALL (super-admin)
Region: AWS Mumbai (ap-south-1)
Encryption: AES-256 at rest · TLS 1.3 in transit
Backup: 15-min RPO · 4h RTO
All systems operational
MFA enforcement: 100% · All 1,247 users · enforced policy
Password compliance: 98.4% · 21 users due rotation in 7d
Failed logins · 24h: 12 · 2 accounts auto-locked
Vulnerabilities: 0 critical · Last scan: 11 May 03:00 IST

Authentication policy

Applies platform-wide · individual tenants may layer stricter rules
✓ NIST 800-63B Level 2
MFA · Whether multi-factor is required
Enforce MFA for all human users · Mandatory · cannot be disabled per DPDP / ISO 27001 controls · policy-locked
TOTP authenticator (primary) · Google Authenticator, 1Password, Authy · on
SMS OTP (fallback only) · Allowed when TOTP unavailable; not as primary · on
Hardware key (WebAuthn / FIDO2) · Recommended for privileged roles (admin, PV reviewer) · on
Password policy
Minimum length: 14 characters
Complexity: upper + lower + digit + symbol
Rotation interval: 180 days
Reuse prevention: last 12 passwords
Breach check (HIBP API): on every set
Failed-attempt lockout: 5 attempts · 15 min cool-down
Session timeouts
Doctor portal: 4h idle · 12h absolute
Coach console: shift-bound · max 9h
Pharma sponsor portal: 2h idle · 8h absolute
Admin / super-admin: 30 min idle · 4h absolute · re-MFA on sensitive ops
Patient mobile app: 7d remember · biometric unlock

SSO configuration per tenant

Each sponsor connects their corporate IdP for their employees
Novo Nordisk India
novonordisk.com · 218 users · SAML 2.0 · cert expires 14 Mar 2027
Microsoft Entra ID
✓ Healthy
Lupin Limited
lupin.com · 38 users · OIDC · cert expires 22 Aug 2026
Okta
✓ Healthy
Sanofi India
sanofi.com · 14 users · SAML 2.0 · pilot scope
Microsoft Entra ID
⌛ Cert rotation due in 18d
USV Private Limited
usv.in · 41 users · SAML 2.0 · cert expires 09 Nov 2026
Auth0
✓ Healthy
Caresoft / Diabeasy internal
diabeasy.in · 38 coaches + 6 admins · SCIM 2.0 user-provisioning
Google Workspace
✓ Healthy

Role definitions & permissions

Per-role capability matrix · principle of least privilege
Capability · Doctor · Coach · Sr. Coach · Pharma BM · PV Reviewer · Tenant Admin · Super-admin
Read patient PHI
Read patient aggregate / de-id
Enrol patient into PSP
Edit prescription
Make coach call · log disposition
File AE report
Sign clinical narrative on AE
Export cohort (de-id only)
Configure programme
Manage users in tenant
Platform settings & SSO
Read audit logs
Legend: Full · Scoped (own actions / tenant only) · Denied

API keys & webhooks

Machine-to-machine integrations · auto-rotated every 90 days
1mg fulfilment · production
issued 14 Mar 2026 · rotates 12 Jun 2026 · last used 2m ago
sk_live_8eX2···aF42 read+write
Novo Nordisk safety database · CIOMS push
issued 02 Apr 2026 · mTLS · last used 09:18 today
sk_live_4Vt8···c917 write only
Thyrocare lab orders
issued 28 Jan 2026 · rotates 28 Apr 2026 · OVERDUE 14d
sk_live_qK9z···8d44 read+write
Karix WhatsApp Business API
issued 11 Feb 2026 · last used 4s ago
sk_live_PqR1···7eA0 send only
Knowlarity voice (coach VoIP)
issued 22 Oct 2025 · auto-rotated 22 Jan 2026
sk_live_zM6t···Q1n9 full access
RWE Data Vault export (Novo Premium tier)
issued 08 May 2026 · scoped to Novo Care+ only · read-only
pk_data_Wf02···6tBe read only

Compliance certifications

External audits passed · last reviewed by procurement reviewers
ISO 27001:2022

Information security management system
Auditor: BSI India
Cert no.: IS-784292
Issued: 14 Mar 2026
Expires: 14 Mar 2029
✓ Active · annual surveillance Feb 2027
SOC 2 Type II

Trust services criteria · security, availability, confidentiality
Auditor: Deloitte
Period: 12 mo · 2025
Issued: 22 Jan 2026
Renewal: Jan 2027
✓ No material exceptions
DPDP Act 2023

India personal-data protection compliance
DPO: Aarushi N.
Reg ID: DPDP-DF-9482
Filed: 02 Feb 2026
Next review: Feb 2027
✓ Significant data fiduciary tier
HIPAA aligned

For US tele-consult partner integrations
Attestation: self · annual
Reviewer: Drata
Last review: 02 Mar 2026
BAAs: 3 active
✓ Aligned (not certified)
GxP / GCP-aligned

For RWE Data Vault & regulatory submissions
Framework: 21 CFR Part 11
CSV evidence: complete
Validated: 18 Apr 2026
Audit log: WORM · 7-yr
✓ Validation pack available
CERT-In empanelled audit

India CERT-In cybersecurity audit certification
Auditor: SISA
Type: Pen-test + VAPT
Last test: 28 Apr 2026
Findings: 0 critical · 2 low
✓ Empanelled certificate available

System health · live

Real-time service status · 30-day uptime
Web app · doctor / coach / pharma / admin portals
p95 latency 218ms · 1,247 active users · 0 errors/min
99.98% · 30d
Mobile API · patient app v3.4
p95 latency 184ms · 41,892 reachable devices
99.99% · 30d
PostgreSQL primary · ap-south-1a
connections 142/200 · replication lag 2ms · WAL healthy
100% · 30d
Thyrocare lab integration
degraded · 312ms p95 (target <200ms) · vendor slowness 09:00–11:00
99.41% · 30d
Novo PV API · CIOMS forwarding
last successful: CASE-AE-26-0089 · 09:18 today
100% · 30d
Audit log stream · WORM S3
28,418 events today · daily SHA-256 seal at 23:59 IST
100% · 30d
Backups · 15-min RPO
last full: 12 May 03:00 · last incremental: 13:00 IST · DR site sync ✓
100% · 30d