Security & privacy standards that keep your data safe
Security and privacy standards
We are determined to deliver products and services that are secure and keep the data of our customers and their patients private.
GDPR
Privacy of data is important, even more so for medical records. We ensure our platform is in full compliance with the General Data Protection Regulation (GDPR) – one of the strictest privacy laws in the world.
GDPR
Privacy of data is important, even more so for medical records. We ensure our platform is in full compliance with the General Data Protection Regulation (GDPR) – widely considered to be the most stringent global privacy standard.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) requires protection and confidential handling of protected health information (PHI). Sign our Business Associate Agreement to process PHI within PMcardio in full compliance with HIPAA.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) requires protection and confidential handling of protected health information (PHI). Sign our Business Associate Agreement to process PHI within PMcardio in full compliance with HIPAA.
ISO 27001
Our Information Security Management System is certified to ISO 27001, a global standard for managing information security to protect data integrity, confidentiality, and availability.
ISO 27001
Our Information Security Management System is certified to ISO 27001, a global standard for managing information security to protect data integrity, confidentiality, and availability.
SOC 2 Type II
SOC 2 Type II is an audit that evaluates a company’s information security measures over time, ensuring they securely manage data to protect the interests of the organization and the privacy of its clients.
SOC 2 Type II
Powerful Medical adheres to SOC 2 standards, guaranteeing that all data is securely handled to safeguard the interests of our customers and the privacy of their patients.
Organization and product security
Safeguarding information security and privacy.
Localized Data Residency
PMcardio customers who are on the Enterprise Plan have the option to host their data in our US or EU data centers. With ownership over your hosting region, you can ensure we meet your data security goals.
PMcardio supports Data Residency through our Amazon Web Services-operated data centers in Ireland (Europe Region) and the United States.
Localized Data Residency
PMcardio customers who are on the Enterprise Plan have the option to host their data in our US or EU data centers. With ownership over your hosting region, you can ensure we meet your data security goals.
PMcardio supports Data Residency through our Amazon Web Services-operated data centers in Ireland (Europe Region) and the United States.
Encryption
All data sent to and from Powerful Medical is encrypted. Our API and application endpoints are TLS/SSL-only to ensure secure communication with our clients and partners.
Encryption
All data sent to and from Powerful Medical is encrypted. Our API and application endpoints are TLS/SSL-only to ensure secure communication with our clients and partners.
Penetration Tests & Vulnerability Scanning
Powerful Medical uses various security tools to continuously scan for vulnerabilities. Our security team immediately responds to issues raised. Twice yearly we engage third-party security experts to perform detailed penetration tests on Powerful Medical products and infrastructure.
Penetration Tests and Vulnerability Scanning
Powerful Medical uses various security tools to continuously scan for vulnerabilities. Our security team immediately responds to issues raised. At least annually, we engage certified third-party security experts to perform detailed penetration tests on our products and infrastructure.
Incident Response
Powerful Medical implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and root-cause analyses. All employees are educated and trained in our policies.
Incident Response
Powerful Medical implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and root-cause analyses. All employees are educated and trained in our policies. The effectiveness of our information security posture is verified regularly with dedicated disaster recovery tabletop exercises.
Permissions and Authentication
Access to customer data is strictly limited to authorized employees who require it for their job. Powerful Medical services are served 100% over https. We enforce SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on the services we use as well as our own infrastructure and tools.
Permissions and Authentication
Access to customer data is strictly limited to authorized employees only who require it for their job. Powerful Medical services are served 100% over https. We enforce SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on the services we use, as well as our own infrastructure and tools.
Security Posture
Fostering a business culture where quality, compliance, security, and customer focus stand as the foremost priorities.
Security Team
Security Team
Powerful Medical employs a dedicated security team, responsible for our security and privacy of our customer’s data. Our security team includes people who’ve played lead roles in designing, building, and operating highly secure Internet facing systems at at global public companies.
Training & Testing
Training an Testing
All employees complete Security and Awareness training annually. The effectiveness of our information security posture is verified regularly with dedicated disaster recovery tabletop exercises.
Policies
Policies
We have developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.