Security
Sonder values the trust of our members and clients beyond all else. Our core value of putting our members first underpins our security philosophy, including how we manage and protect data. We set our own high standards and follow the latest industry standards to ensure we are staying ahead of any cyber threat.
Our security and privacy practices
For organisations
Find out more about Sonder’s information security program
For members
Find out more about Sonder’s privacy policy and Sonder’s electronic health record (EHR)
For Sonder
Find out more about how Sonder cares for our staff
Information security program
Sonder maintains a robust security program, guided by formal policies and detailed requirements that meet best practice standards for our industry. The objective of this program is to maintain the confidentiality and integrity of information across our Sonder systems and in all communications with our members, clients, guests, employees and business partners.
Compliance
Sonder policies, procedures, and standards are based on the International Organisation for Standardisation (ISO) / International Electrotechnical Commission (IEC) 27001. ISO 27001 is a globally-recognised Information Security Management System (ISMS) standard. It leverages best practices and comprehensive security controls that cover people, processes and IT systems. Sonder renews this certification annually and uses an independent third-party body to audit compliance.
Software development
Sonder maintains policies and procedures to ensure that system, device, application and infrastructure development is performed in a secure manner. A Software Development Life Cycle (SDLC) framework is used to ensure secure design and engineering principles are integrated directly into the design, development and continuous improvement process for Sonder’s platforms.
Penetration testing
Sonder leverages world-class external parties to regularly conduct web, API, and mobile application penetration testing to evaluate application-layer security against best practice security standards. These include Penetration Testing Execution Standard (PTES), Open-Source Security Testing Methodology (OSSTM), and Open Web Application Security Protocol (OWASP) top 10 for both web and mobile applications.
Business continuity
Sonder maintains policies and procedures to ensure continuity of business functions, to identify the Sonder-critical business product and service functions, and to specify the response and recovery actions and strategies needed to mitigate any adverse business effects of disruptions, incidents or crises on the ability of Sonder to maintain business continuity and the uninterrupted provision of core products and services.
Risk assessment program
Sonder has an end-to-end Enterprise Risk Management System (ERMS). Risk assessments of products and infrastructure are conducted on a regular basis, including reviews of confidential data flows.
Insurances
Sonder holds policies for general liability, professional indemnity, and cyber and privacy.
Electronic health record (EHR)
Sonder’s EHR improves care outcomes and is a foundational technology for our human-centric approach. It focuses on the total health of our members, going beyond standard clinical data to include a broader view of an individual's healthcare.
Sonder’s EHR is a real-time health record that makes information available instantly and securely to authorised users (namely, clinicians and allied health personnel). It is designed to not only securely store the medical information that our members share with us, but to enable our clinical teams to better understand an individual’s holistic health journey by collecting and aggregating (stated and revealed) preferences regarding health and wellbeing.
Facilitating a human-centric approach to healthcare
For Sonder, our EHR underpins the human-centric care we provide. A member’s information moves securely to where it is needed. It allows the Sonder health team to work collaboratively with patients by sharing images, video, and shared whiteboards to unpack problems. When care is needed beyond Sonder’s clinicians, our EHR provides the capability to instantly and securely e-refer to other clinicians using a secure medical messaging system that allows a two-way flow of information between clinicians.
This important tool helps to ensure every Sonder member gets the highest quality clinical experience every time they engage for help, care and support.
There's so much more to share
Sonder is reimagining health, safety and wellbeing support. Sonder proves human-centric care leads to earlier intervention. Sonder impacts one person at a time to drive meaningful change across an organisation. Sonder understands people and how to support them.