Certifications

Certifications

Doctena's external attestations. ISO/IEC 27001:2022 is in force across our entities, and the certificate is freely available to download.

Last reviewed
Next review
Owner
Information Security Office
Version
1.3.0

In force today

The ISO/IEC 27001:2022 certificate is freely available, with no request or non-disclosure agreement needed. You can download the certificate (PDF) directly, or read the full scope and details on the ISO 27001 page.

Our published documents, including the ISO 27001 certificate and the Data Processing Agreement, are stored in object storage on media.doctena.com and are managed through code, so the links on this site always point to the current published version.

Reports available under NDA

The following reports are available to customers and qualified prospects under a mutual non-disclosure agreement. Email security@doctena.com with the requesting organisation, the contact's role, and the NDA you would like us to countersign (yours or ours).

ReportWhat it coversAccess
Annual penetration test executive summaryRedacted summary of the most recent annual application + infrastructure penetration test.Under NDA
Statement of Applicability v1.0The ISO 27001:2022 SoA approved on 28 August 2025.Under NDA
Information Security PolicyHigh-level statement of the ISMS.Under NDA

Audit programme

Doctena's ISO 27001:2022 ISMS is audited annually, and additionally on material change to the scope or the controls. External surveillance and recertification audits follow the cycle mandated by ISO/IEC 17021-1: surveillance at least once a calendar year and recertification every three years. The full audit programme is described on the ISO 27001 page.

Our certification body is named on the certificate, which is freely available to download (no request or non-disclosure agreement needed). The certificate identifies the certification body, as ISO/IEC 17021-1 requires of every accredited certificate. You can verify our certification status independently through IAF CertSearch (iafcertsearch.org).

Regulatory scope

NIS2 (the EU Network and Information Security Directive) is not currently in scope for Doctena. We have already prepared full compliance, so that we are ready if our scope changes. We keep our regulatory scope under review and will update this page if that happens.