Security

Last updated: Friday 3rd May 2024

1. Introduction

This document outlines the security policies and best practices GrowLab Organics ("GLO") uses for the GLO Platform ("the platform"). Its purpose is to provide an overview of the steps we take to ensure the confidentiality, integrity and availability of our services.

2. Access Controls

Access control is an essential element of security that determines who is allowed to access certain data, applications and resources, and in what circumstances. In the same way that keys and pre-approved guest lists protect physical spaces, access control policies protect digital spaces. Access control policies rely heavily on techniques such as authentication and authorization, which allow an organisation to explicitly verify both that users are who they say they are and that these users are granted the appropriate level of access based on context such as device, location, role and more.

Access control keeps confidential information—such as customer data and intellectual property—from being stolen by bad actors or unauthorised users. It also reduces the risk of data exfiltration by employees and keeps web-based threats at bay.

2.1. Authentication

GrowLab Organics uses the following approaches to improve authentication for internal services.

  • Implement strong authentication mechanisms, such as multi-factor authentication (MFA), to verify the identity of staff.
  • Where supported, use passkeys to mitigate the risks associated with password management.
  • Where passwords are required, enforce secure password policies, including minimum length, complexity requirements and regular password updates.

2.2. Authorization

GrowLab Organics uses the following methods to ensure access to internal resources is appropriate and relevant to a specific role.

  • Follow a principle of least privilege when assigning roles and permissions.
  • Regularly review and update roles and permissions based on job responsibilities.
  • Implement session lifetime mechanisms to ensure that users are logged out after a period of inactivity.

3. Data Protection

The following describes the steps we take to protect patient data.

  • Use HTTPS exclusively to encrypt data in transit between the client and our servers.
  • Use strong encryption (AES) to protect sensitive data at rest in the database.

Copyright © 2025 GrowLab Organics.

All Rights Reserved.