Compliance
CE marked medical device focused on information and patient security
Doctrin operates in health and medical care, where information security requirements are especially high, and information security is a priority at Doctrin. We are certified to ISO/IEC 27001:2022, an international standard that describes best practices for a management system for information security. This standard is designed to help organisations secure information in a systematic and cost-efficient way.
By being ISO 27001 certified, we show our commitment to protecting our customers’ sensitive information.
Certifications and frameworks
Cyber Essentials Plus
An enhanced version of Cyber Essentials, a security certification in the United Kingdom which is considered to be a basic but effective safety standard for organisations. It focuses on protecting organisations against a number of common cyber threats, and specialises in countering harmful programs distributed via the Internet and cyber attacks.
Data Security Protection Toolkit (DSPT)
DSPT is a framework primarily in the health and medical care industry. It is a tool for organisations to demonstrate that they practice good data security and fulfil legal requirements, especially those covering patient and personal data. DSPT is particularly relevant to organisations that work with the NHS and need to show that they process patient data in an efficient and effective way.
Patient security
Doctrin’s platform provides a CE marked class 1 medical device under MDD 93/42/EEC, in accordance with the EU Medical Devices Directive. The device generates medical reports and recommendations based on the patient’s medical history.
In accordance with the transitional provisions, we have ongoing certification for our device under MDR (product class IIb), with Intertek 2862 as a notified body.
The product does not perform auto-triage, diagnostics, or treatment.
All data is transferred encrypted, and processed in accordance with the Swedish Personal Data Act, the Swedish Patient Data Act and the EU General Data Protection Directive (GDPR).
Doctrin’s view on patient risk and how we work to improve it
Certifications
By possessing certifications, we guarantee adherence to industry-leading practices for software and risk analyses.
Risk management
We collaborate closely with clients in the domains of risk management and monitoring. Doctrin aligns with ISO 14971, a standard governing the principles of risk analysis and risk management.
Evidence
We base our work on independent research and evaluate the ongoing performance and security of our device.