# Compliance & Security for Multi-Location Audiology | Auditdata

> Keep PHI secure and traceable across every audiology clinic with Azure-hosted services, ISO/IEC 27001 controls, ISO 13485 processes, RBAC, audit trails, and regional privacy alignment (HIPAA, GDPR, APPs).

# **Compliance & Security for Multi-Location Hearing Care**

Keep PHI protected and traceable across every clinic with Azure-hosted services, audited controls (ISO/IEC 27001), medical quality processes (ISO 13485), role-based access, and full audit trails.

## **Compliance You Can Count on**

Designed for multi-location networks with centralized controls and local enforcement.

## Certified Security Frameworks

Independently audited ISO and medical quality certifications give your clinic a strong foundation for privacy and compliance.

## Regional Data Protection

From GDPR to HIPAA, we align with the privacy rules where you work, so you can stay compliant without extra systems.

## Built-In Product Security

Data protection, encrypted backups, and incident response are part of the platform to safeguard your clinic.

## Full Audit Trails

Track user actions, patient record updates, and security changes with role-based permissions and searchable logs.

## Secure and Configurable

Start with a ready-to-use setup, then tailor integrations, APIs, and environments to your clinic’s policies.

## Audit-Ready Documentation

Paperless workflows, signatures, and training tools make audit preparation faster and more consistent.

## Trusted Azure Hosting

Our cloud services run on Microsoft Azure with strict security controls under ISO 27001.

## Proven Frameworks, **Audited Controls**

Operate on an information-security backbone that’s independently certified, so your clinic has a solid foundation for privacy and security.

## ISO/IEC 27001 (ISMS)

Annual certification of our Information Security Management System by DNV, mapping controls to Annex A.

## Medical Quality Stack

ISO 13485 certification for medical devices under TÜV SÜD; FDA registration and MDSAP are documented on our compliance page.

## Customer Responsibility Clarified

We provide detailed info to support your assessment; you remain responsible for confirming fit to your specific regulations.

## **Data Protection** by Region

Tools and agreements to help you meet the privacy rules where you work—without bolting on extra systems.

![Map](https://www.auditdata.com/media/k0vhk4sn/map.png)

## US - HIPAA Security Rule

HIPAA Security Rule requirements are addressed via our ISMS; a Statement of Applicability is available under NDA.

## Europe - GDPR readiness

Our Data Processing Agreement is designed for GDPR Art. 28; processing follows documented instructions.

## Australia

The DPA references compliance with the Australian Privacy Principles (APPs).

## **Security** in Product & Platform

Protect data in transit and at rest, control access, and recover quickly if something goes wrong.

- Hosting & platform: Auditdata Cloud Services are hosted in Microsoft Azure.

- Technical/organizational measures: Pseudonymization and encryption, resilience/availability, tested recovery, and ongoing effectiveness evaluation.

- Incident & backup: Documented incident response, encrypted backups, and restore procedures with logging.

![Azure](https://www.auditdata.com/media/1p5nupkt/artboard-1-2x.png)

## **Know Who Did What**, and When

Use role-based permissions and full audit trails to review changes to users, patient records, and security settings—giving administrators a clear, searchable history. Recent releases include dedicated audit logging for role and permission changes.

## Role-Based Access

Detailed permissions for secure, least-privilege access.

## Audit Trails

Chronological logs of user and patient record changes; dedicated views for security-sensitive changes.

## Offline with Accountability

Bridge offline export is tracked in the audit history to preserve traceability.

## **Secure by Design, Configurable by You**

Start with a “ready-to-work” setup and adjust to your policies. Open API, Azure hosting, redundancy, and strict security are called out on the Security & Configuration page.

- Azure hosting & redundancy (platform resilience).
- Open API to integrate securely with your stack.
- Default environments with lockable statuses and standardized configurations.

## **Keep Documentation Consistent** and Audit-Ready Across Every Clinic

Paperless forms, signatures inside reports/surveys, and comprehensive histories help you respond to audits more quickly—without hunting through separate systems.

- Audit trail coverage across staff and patient changes.

- Signatures in reports/surveys to support in-clinic approvals.

- Training modules for documentation & audit trail best practices.

## **Built on Microsoft Azure**

Auditdata Cloud Services are hosted in Azure; security and availability controls follow our ISO 27001 ISMS and documented TOMs (technical and organizational measures).

## **Responsibilities & Scope**

We comply with the data-protection and privacy laws generally applicable to our business activities, and we provide detailed information to help you assess fit. You are responsible for validating that our products/services meet your specific regulatory obligations and for configuring your environment accordingly.

## **Find Out More About How We Support Your Regulatory Requirements**

Learn how our certified frameworks and security controls can help all of your clinics stay compliant.

**Frequently Asked Questions**

## Are you ISO 27001 certified?

Yes. Our ISMS is certified (ISO/IEC 27001) by DNV and maintained annually; scope covers Audiology Solutions design, development, operation, and support.

## Are you HIPAA compliant?

We address HIPAA Security Rule requirements through our ISMS. A HIPAA Security Rule Statement of Applicability is available to customers under NDA.

## Do you support GDPR?

Yes. Our DPA is designed to meet GDPR Art. 28 requirements for processors and outlines instructions, security measures, and sub-processor terms.

## What about Australia (APPs)?

Our DPA references compliance with the Australian Privacy Principles (APPs) for applicable processing.

## Where is data hosted?

Auditdata Cloud Services are hosted in Microsoft Azure.

## Do you encrypt data?

Yes. Our documented measures include pseudonymization and encryption, plus resilience, recovery, and regular effectiveness testing.

## Do you have audit logs?

Yes. Manage provides audit trails, with new logging for role/permission changes and offline export history in 11.5.

## Can we get your certificates or SoA?

ISO certificates are available; detailed Statements of Applicability can be shared with customers under NDA.

## Do you sign DPAs?

Yes—the DPA forms part of our standard contractual framework and details processing scope, security, and sub-processor terms.

## Who is responsible for regulatory compliance?

We provide controls and documentation; you confirm your clinic’s overall compliance for its specific use cases and regulations.
