Security at Rely Technologies

All patient data stored in our systems is encrypted using AES-256, the same standard used by financial institutions and government agencies.

All data transmitted between your systems and ours is protected by TLS 1.3, preventing interception or tampering in transit.

Database backups are encrypted and stored in geographically separate locations within India.

Encryption keys are managed using industry-standard key management practices with regular rotation.

Our cloud infrastructure is hosted exclusively on MEITY-empanelled data centres in India, ensuring full data sovereignty and compliance with Indian data localisation requirements.

We maintain a 99.9% uptime SLA with redundant systems, automatic failover, and disaster recovery capabilities.

Network security includes Web Application Firewalls (WAF), DDoS protection, intrusion detection systems, and regular penetration testing.

All infrastructure components are patched and updated on a regular schedule to address known vulnerabilities.

Role-Based Access Control (RBAC) ensures that every user — from doctors to billing staff — only has access to the data and functions relevant to their role.

Multi-factor authentication (MFA) is available and recommended for all administrative accounts.

Session management includes automatic timeout, concurrent session controls, and IP-based access restrictions.

All privileged access is logged, monitored, and subject to regular access reviews.

ISO 27001:2022 certified — our Information Security Management System is independently audited annually.

ABDM certified by the National Health Authority, Government of India — compliant with all ABDM data privacy and security guidelines.

Compliant with the Digital Personal Data Protection (DPDP) Act 2023 and IT Act 2000.

NABH and NABL ready — our systems support the documentation and audit trail requirements for hospital and lab accreditation.

HL7 FHIR R4 compliant for secure, standardised health data exchange.

We conduct regular internal and third-party penetration testing of our platform.

A responsible disclosure programme allows security researchers to report vulnerabilities to security@relyhealthtech.com.

Critical security patches are deployed within 24 hours of identification. Non-critical patches follow a regular monthly cycle.

We maintain a Software Bill of Materials (SBOM) and monitor all third-party dependencies for known vulnerabilities.

We maintain a documented Incident Response Plan that is tested and updated annually.

In the event of a security incident affecting patient data, we will notify affected organisations within 72 hours as required by applicable law.

Our security team is available 24/7 to respond to incidents. Contact us at security@relyhealthtech.com.

Post-incident reviews are conducted for all significant security events to prevent recurrence.

All employees undergo background verification before joining.

Security awareness training is mandatory for all staff and conducted quarterly.

Employees with access to production systems are subject to enhanced vetting and regular access reviews.

A clear desk and screen lock policy is enforced across all offices.

If you believe you have discovered a security vulnerability in our systems, please report it responsibly to security@relyhealthtech.com.

Please include a description of the vulnerability, steps to reproduce, and potential impact.

We will acknowledge your report within 48 hours and keep you informed of our progress.

We do not take legal action against researchers who report vulnerabilities in good faith.