ISO 27001

Overview

vitalera implements an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022, ensuring the confidentiality, integrity, and availability of all information assets. This is critical for a healthcare API platform that processes patient vital signs, clinical observations, and protected health information for remote patient monitoring programs.

Security Controls

Key security measures include:

  • Access Control: Role-based access with multi-factor authentication
  • Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Monitoring: Continuous security monitoring and alerting
  • Incident Response: Defined procedures for security incident handling
  • Business Continuity: Disaster recovery and backup procedures
  • Supplier Management: Security requirements for all third-party providers

Relationship to SOC 2

ISO 27001:2022 Annex A controls cover the same domains as the SOC 2 Trust Service Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy). For US enterprise customers whose vendor review accepts "SOC 2 or equivalent," ISO 27001 is the most widely recognized equivalent. See the SOC 2 page for the full TSC coverage mapping and instructions to request a security review packet.

Infrastructure

vitalera runs on cloud infrastructure hosted in the EU with:

  • Network isolation and segmentation
  • Least-privilege firewall rules and access controls
  • Encrypted managed databases
  • Encrypted object storage
  • Comprehensive audit logging