Product Data Security

Security is essential

The context of the Auditdata business operation is Healthcare in both private and public sectors in worldwide markets. Providing medical device products and services including processing of sensitive personal data in development, operations and customer support set high demands on the organization’s information security capabilities.

Information Security Management System

To ensure trustworthy relationships with Customers and Partners, Auditdata maintains and continuously improves its ISMS (Information Security Management System) in accordance with the Auditdata Information Security Policy.

The ISMS is a management system that ensures the implementation, maintenance, and ongoing improvement of information security management within the organisation. It is the mechanism that ensures the organisational and technical security controls operate effectively.

The Auditdata ISMS is certified in accordance with ISO/IEC 27001:2013, a broad international information security standard. The ISO/IEC 27001:2013 certificate validates that Auditdata has implemented the internationally recognised information security controls defined in this standard, including guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.

Further reading
Information Security Management System ISO/IEC 27001

Microsoft Windows Azure

Auditdata’s Audiology Office Management System Strato is developed using the Microsoft Windows Azure technology in accordance with the Auditdata product development processes, which are compliant with and certified to key industry standards such as ISO/IEC 27001:2013 Information Security Management System and ISO/IEC 13485 Quality Management Systems for Medical Devices.

The Strato service is operated by Auditdata’s Cloud Operations unit, included in the ISO 27001 certificate scope by April 2013.

Strato runs in the Microsoft Windows Azure data centers managed and operated by Microsoft Global Foundation Services (GFS). These geographically dispersed data centers also comply with key industry standards, such as ISO/IEC 27001:2013, for security and reliability. They are managed, monitored, and administered by Microsoft operations staff who have years of experience in delivering the world’s largest online services with 24 x 7 continuity.

In addition to datacenter, network, and personnel security practices, Windows Azure incorporates security practices at the application and platform layers to enhance security for application developers and service administrators.

Data Location

Risk Assessment

Auditdata’s selection of Cloud provider is accompanied by a comprehensive Cloud Computing Service Provider Risk Assessment, in accordance with the Cloud Computing Risk Assessment Check List from ENISA (European Network and Information Security Agency) and in line with the recommendations of the Danish Data Protection Agency (Datatilsynet) for cloud-based processing of sensitive personal data.

To support Auditdata customers in the security evaluation of the Strato service, Auditdata has created a white paper outlining how essential Strato information security controls map to the ISO 27001 security controls, providing customers with in-depth information on Auditdata security policies and procedures. The white paper is available on request at compliance@auditdata.com.

To learn more about the compliance capabilities of Microsoft Windows Azure, please visit the Windows Azure Trust Center.

Questions?

If you have any questions about how we handle information and keep our data and yours safe, please get in touch.

Fill out the form or contact Dan Haugbøl
Director corporate QA/RA and IT/information security
+45 70 20 31 24
