Certification and Accreditation

We recognize the importance of security certification and accreditation for demonstrating compliance with industry best practices for protecting sensitive healthcare information.

Our secure platform

The Corti solution uses Microsoft Azure for all data hosting services, with data for each customer held within a specified geographical region to meet their requirements.

Microsoft has designed Azure with industry-leading security controls, compliance tools, and privacy policies to safeguard data stored in the cloud. This ensures that the Corti service platform complies with global and regional privacy standards, including:

  • ISO/IEC 27001 - International Standard for Information Security Management

  • ISO/IEC 27018 - Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors

  • SOC 1 - System and Organizational Controls for financial reporting

  • SOC 2/3 - System and Organizational Controls for compliance and operations

  • US FedRAMP - Federal Risk and Authorization Management Program for cloud services

  • EU-U.S. Privacy Shield Framework for transfer of personal data to the US

  • EU GDPR - General Data Protection Regulation for personal data protection and privacy within the European Union

  • HIPAA/HITECH - Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act for protection of Protected Healthcare Information (PHI) within the US

Azure additionally adheres to security controls for national standards where applicable, including:

  • MTCS - Multi-Tier Cloud Security Standard for Singapore for security and confidentiality of data in the cloud

  • IRAP - Australian Infosec Registered Assessors Program for the assessment of data storage, processing, and communications infrastructure

  • ENS - Spanish High-Level Security Measures (Esquema Nacional de Seguridad) for cloud services

  • BSI C5 - Germany’s BSI C5 standard for health data on cloud security

  • HDS - France’s Hébergeurs de Données de Santé (HDS) certification of health data hosting

More information and documentation on Microsoft Azure’s compliance with many more standards is available at https://learn.microsoft.com/en-us/azure/compliance/

Corti’s Certification and Accreditation

Corti ensures that its data protection and cyber security are aligned with market and regulatory requirements, including compliance with several strict frameworks:

  • SOC2/3 - System and Organizational Controls for compliance and operations - demonstrated by an external type 2 audit.

  • US HIPAA privacy regulation of personal health data.

  • US FedRAMP - Federal Risk and Authorization Management Program for cloud services

  • US Criminal Justice Information System (CJIS) - Corti complies with the CJIS regulation for products without access to criminal records.

  • GDPR - General Data Protection Regulation for personal data protection and privacy in the EU and UK - demonstrated by an external ISAE 3000 type 1 audit.

  • German BSI C5 for health data on cloud security - demonstrated by an external type 1 audit.

  • UK Cyber Essentials security standard certification.

  • UK Data Security and Protection Toolkit (DSPT) certification.

  • UK DCB0129 - clinical risk management system compliance.

  • UK Digital Tech Assessment Criteria (DTAC) compliance report available for customers.

Corti appointed an external Data Protection Officer (DPO) who supports data protection with a focus on GDPR compliance.

Corti employs the CREST-accredited NCC Group to run annual web application assessments and cloud configuration reviews, including penetration tests.
