In force today
The ISO/IEC 27001:2022 certificate is freely available, with no request or non-disclosure agreement needed. You can download the certificate (PDF) directly, or read the full scope and details on the ISO 27001 page.
Our published documents, including the ISO 27001 certificate and the Data Processing Agreement, are stored in object storage on media.doctena.com and are managed through code, so the links on this site always point to the current published version.
Reports available under NDA
The following reports are available to customers and qualified prospects under a mutual non-disclosure agreement. Email security@doctena.com with the requesting organisation, the contact's role, and the NDA you would like us to countersign (yours or ours).
| Report | What it covers | Access |
|---|---|---|
| Annual penetration test executive summary | Redacted summary of the most recent annual application + infrastructure penetration test. | Under NDA |
| Statement of Applicability v1.0 | The ISO 27001:2022 SoA approved on 28 August 2025. | Under NDA |
| Information Security Policy | High-level statement of the ISMS. | Under NDA |
Audit programme
Doctena's ISO 27001:2022 ISMS is audited annually, and additionally on material change to the scope or the controls. External surveillance and recertification audits follow the cycle mandated by ISO/IEC 17021-1: surveillance at least once a calendar year and recertification every three years. The full audit programme is described on the ISO 27001 page.
Our certification body is named on the certificate, which is freely available to download (no request or non-disclosure agreement needed). The certificate identifies the certification body, as ISO/IEC 17021-1 requires of every accredited certificate. You can verify our certification status independently through IAF CertSearch (iafcertsearch.org).
Regulatory scope
NIS2 (the EU Network and Information Security Directive) is not currently in scope for Doctena. We have already prepared full compliance, so that we are ready if our scope changes. We keep our regulatory scope under review and will update this page if that happens.