Security & Compliance
ISO 27001 certified. HIPAA compliant. Continuously monitored by Drata. Independently audited.
Certifications
ISO 27001
Certified under ISO/IEC 27001:2022. Independently audited annually.
HIPAA
Administrative, physical, and technical safeguards for all patient health information.
Continuous Monitoring
Compliance is monitored continuously through Drata. Automated control testing, real-time alerts on deviations, and always-on evidence collection — no gaps between audits.
Third-Party Auditing
Annual ISO 27001 Audit
Full ISMS audit by an accredited registrar — policies, controls, and risk treatment.
Penetration Testing
Regular pen tests by independent security firms with defined remediation SLAs.
Continuous Vulnerability Scanning
Automated scanning across all production systems. Critical findings escalated immediately.
Infrastructure
Encryption
AES-256 at rest, TLS 1.3 in transit. PHI fields use additional application-level encryption.
Access Control
RBAC with least privilege. MFA required for all infrastructure access.
Network Isolation
Private networks, VPN-only production access. No public admin interfaces.
Data Residency
Region-specific storage to meet local regulatory requirements.
Backup & Recovery
Daily encrypted backups with point-in-time recovery. DR tested regularly.
Audit Trails
Immutable logs for every prescription, signature, and access event.