AliveCor is committed to protecting our customers by achieving a high standard of data security and compliance. As our organization scales, we continue to evolve and adapt our data governance and protection strategies, and strive to provide secure technology services to our customers.
ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. The details of our ISMS certification are publicly available at https://www.schellman.com/certificate-directory
Completing the SOC 2 Type 2 examinations with zero exceptions listed implies that AliveCor’s Kardia and KardiaPro platforms meet or exceed the stringent security standards set by the American Institute of Certified Public Accountants (AICPA). The examinations report on AliveCor’s system and the suitability of the design and operating effectiveness of security controls.
HIPAA compliance attestation implies that AliveCor’s Kardia and KardiaPro platforms are compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Breach Notification Rule. These are a list of established performance criteria across the areas of security, privacy, and breach laid down by the Office of Civil Rights (OCR).