Security

Sonder values the trust of our members and clients beyond all else. Our core value of putting our members first underpins our security philosophy, including how we manage and protect data. We set our own high standards and follow the latest industry standards to ensure we are staying ahead of any cyber threat.

Our security and privacy practices

  • For organisations
    Find out more about Sonder’s information security program
  • For members
    Find out more about Sonder’s privacy policy and Sonder’s electronic health record (EHR)
  • For Sonder
    Find out more about how Sonder cares for our staff

Information security program

Sonder maintains a robust security program, guided by formal policies and detailed requirements that meet best practice standards for our industry. The objective of this program is to maintain the confidentiality and integrity of information across our Sonder systems and in all communications with our members, clients, guests, employees and business partners.

Compliance

Sonder policies, procedures, and standards are based on the International Organisation for Standardisation (ISO) / International Electrotechnical Commission (IEC) 27001. ISO 27001 is a globally recognised Information Security Management System (ISMS) standard. It leverages best practices and comprehensive security controls, which include people, processes and IT systems. Sonder renews this certification annually and uses an independent third-party body to audit compliance.

Software development

Sonder maintains policies and procedures to ensure that system, device, application and infrastructure development is performed in a secure manner. A Software Development Life Cycle (SDLC) framework is used to ensure secure design and engineering principles are integrated directly into the design, development and continuous improvement process for Sonder’s platforms.

Penetration testing

Sonder leverages world-class external parties to regularly conduct web, API, and mobile application penetration testing in an effort to evaluate the application layer security with regard to best practice security standards. These include Penetration Testing Execution Standard (PTES), Open-Source Security Testing Methodology (OSSTM), and Open Web Application Security Protocol (OWASP) top 10 for both web and mobile applications.

Business continuity

Sonder maintains policies and procedures to ensure continuity of business functions, to identify the Sonder-critical business product and service functions, and to specify the response and recovery actions and strategies needed to mitigate any adverse business effects of disruptions, incidents or crises on the ability of Sonder to maintain business continuity and the uninterrupted provision of core products and services.

Risk assessment program

Sonder has an end-to-end Enterprise Risk Management System (ERMS). Risk assessments of products and infrastructure are conducted on a regular basis, including reviews of confidential data flows.

Insurances

Sonder holds policies for general liability, professional indemnity, and cyber and privacy.

Electronic health record (EHR)

Sonder’s EHR improves care outcomes and is a foundational technology for our human-centric approach. It focuses on the total health of our members, going beyond standard clinical data to include a broader view of an individual's healthcare.

Sonder’s EHR is a real-time health record that makes information available instantly and securely to authorised users (namely, clinicians and allied health personnel). It is designed to not only securely store the medical information that our members share with us, but to enable our clinical teams to better understand an individual’s holistic health journey by collecting and aggregating (stated and revealed) preferences regarding health and wellbeing.

Sonder’s electronic record

Facilitating a human-centric approach to healthcare

For Sonder, our EHR underpins the human-centric care we provide. A member’s information moves securely to where it is needed. It allows the Sonder health team to work collaboratively with patients by sharing images, video, and shared whiteboards to unpack problems. When care is needed beyond Sonder’s clinicians, our EHR provides the capability to instantly and securely e-refer to other clinicians using a secure medical messaging system that allows a two-way flow of information between clinicians.

This important tool helps to ensure every Sonder member gets the highest quality clinical experience every time they engage for help, care and support.

There's so much more to share

Sonder is reimagining health, safety and wellbeing support. Sonder proves human centric care leads to earlier intervention. Sonder impacts one person at a time to drive meaningful change across an organisation. Sonder understands people and how to support them.
