In force today
On the roadmap
- ISO/IEC 27701: Privacy Information Management System, an extension of ISO 27001 with privacy controls. Gap assessment scheduled 2026 H2.
- SOC 2 Type II: Common procurement ask in the US healthcare market. Under evaluation; would cover Trust Service Criteria for security, availability and confidentiality.
- ISO/IEC 27018: Code of practice for protection of personally identifiable information in public clouds acting as PII processors. Strong fit given AWS hosting.
- HDS (Hébergement de Données de Santé): French health-data hosting certification. Only relevant when Doctena formally operates in France; AWS Frankfurt is already HDS-certified at the hosting layer.
Reports available under NDA
The following reports are available to customers and qualified prospects under a mutual non-disclosure agreement. Email privacy@doctena.com with the requesting organisation, the contact's role, and the NDA you would like us to countersign (yours or ours).
| Report | What it covers | Access |
|---|---|---|
| Annual penetration test executive summary | Redacted summary of the most recent annual application + infrastructure penetration test. | Under NDA |
| Statement of Applicability v1.0 | The ISO 27001:2022 SoA approved on 28 August 2025. | Under NDA |
| Information Security Policy | High-level statement of the ISMS. | Under NDA |
Audit programme
Doctena's ISO 27001:2022 ISMS is audited annually by an independent external firm, and additionally on material change to the scope or the controls. The certification body for the external recertification audit cycle will be named on the ISO 27001 page once the renewed certificate is published.