Skip to content


Data Security Protection Toolkit (DSPT)
Health & Social Care App Framework
DTAC & DFOCVC Compliant
DCB0129, Clinical Risk Management

Our accreditations and frameworks

CE marked medical device focused on information and patient security

Doctrin operates in health and medical care with especially high information security requirements. Information security is a priority at Doctrin. We are ISO/IEC 27001:2022 certified, which is an international standard that describes best practices for a management system for information security.  This standard is designed to help organisations to secure information in a systematic and cost-efficient way.

By being ISO 27001 certified, we show our commitment to protecting our customers’ sensitive information.

Read more about ISO27001 Read more about Doctrin’s certification

Certifications and frameworks

Cyber Essentials Plus

An enhanced version of Cyber Essentials, a security certification in the United Kingdom which is considered to be a basic but effective safety standard for organisations. It focuses on protecting organisations against a number of common cyber threats, and specialises in countering harmful programs distributed via the Internet and cyber attacks.

Data Security Protection Toolkit (DSPT)

DSPT is a framework primarily in the health and medical care industry. It is a tool for organisations to demonstrate that they practice good data security and fulfil legal requirements, especially those covering patient and personal data. DSPT is particularly relevant to organisations that work with the NHS and need to show that they process patient data in an efficient and effective way.


ORCHA is one of the leading providers of Health and Care App evaluations and reviews. It provides an objective and independent assessment of health and medical applications. As an advisory service, ORCHA advises where regulatory issues may be important and should be considered further, especially within the MedTech area.

Patient security

Doctrin’s platform provides a CE marked class 1 medical device under MDD 93/42/EEC, in accordance with the EU Medical Devices Directive. The device generates medical reports and recommendations based on the patient’s medical history.

In accordance with the transitional provisions, we have ongoing certification for our device under MDR (product class IIb), with BSI 2797 as a notified body. 

The product does not perform auto-triage, diagnostics, or treatment.

All data is transferred encrypted, and processed in accordance with the Swedish Personal Data Act, the Swedish Patient Data Act and the EU General Data Protection Directive (GDPR).

Doctrin’s view on patient risk and how we work to improve it


By possessing certifications, we guarantee adherence to industry-leading practices for software and risk analyses.

Risk management

We collaborate closely with clients in the domains of risk management and monitoring. Doctrin aligns with ISO 14971, a standard governing the principles of risk analysis and risk management.


We base our work on independent research and evaluate the ongoing performance and security of our device.

If you have any questions, please contact

Tor Moström

Chief Technology Officer

Tove Karlsson

Head of Medical & QARA