Security

Security and Compliance

Medsensio is strongly committed to data privacy, IT security and quality. Securing health and personal data in the cloud is among our highest priorities.
We currently comply with, or are working toward compliance with, the standards and regulations listed below.

GDPR and data protection

Securing health and personal data for our customers and users is our highest priority. Read our privacy policy to understand which data we keep and what kind of processing activities we perform on the data. Our legal basis for collecting and processing data is consent from the user. Under Norwegian law we comply with Normen 6.0 and we perform a DPIA. Documentation related to DPIA and Normen 6.0 compliance can be shared upon request.

Contact Medsensio via
Email: privacy@medsens.io,
Postal address: Medsensio AS, Sykehusvegen 21, 9019 Tromsø

Medical device development

Medsensio has implemented a quality management system following ISO 13485:2016 for design and development as well as subsequent sales, production, distribution, installation of and service for medical software solutions. This ensures that we follow procedures governing responsibilities expected from a developer of medical devices.

Our machine learning algorithms will be further documented as applicable for software as a medical device (SaMD) compliance with MDR. This will ensure that the product fulfils its intended medical purpose as well as the defined specifications.

Information and cloud security

Medsensio has been designed with security in mind from the start. That means we follow ISO 27001 internally and all data transfer is encrypted end-to-end. Medsensio processes personal and health data through Amazon Web Services (AWS). All data storage and data processing happens inside the EU on servers physically located in Ireland. AWS is GDPR and ISO 27001 compliant. We use a shared responsibility model.

Data storage is encrypted at rest at all times and only decrypted during processing. We patch security vulnerabilities continuously and monitor for vulnerabilities through several means, such as package scanning and container scanning. We follow the security standards further described here, which perform automatic security checks on our infrastructure. We can also provide reports that show all implemented controls.

Links and documents

Terms of use

ISO 27001:2017 certificate

ISMS scope

Security policy

Quality policy

Compliance & Certifications

NS-ISO/IEC 27001:2017

Medsensio complies with the Information Security Management Systems (ISMS) requirements

Quality management

Medsensio QMS is implemented according to ISO 13485:2016

EU-GDPR

We are committed to complying with GDPR and any specific local regulations regarding data privacy

Quality Policy

Medsensio always adheres to the updated guidelines from the Medical Device Regulation (MDR) 2017/745. Furthermore, the company commits to comply with ISO 13485:2016 and IEC 62304:2015 requirements and other applicable legal and standard requirements.

Download the complete quality policy below.

Information Security Policy

Medsensio always adheres to the updated guidelines from the Norwegian Directorate for eHealth through the Code of Conduct for data protection of personal data, health data and information security, and ensures that the provided products and services comply with the EU's General Data Protection Regulation (GDPR) and applicable law.

Download the complete information security policy below.