Permissioned access
Role-based authorization governs who can access workflows, environments, and high-impact operations.
Security overview (Draft baseline)
This page summarizes publication-safe security controls for procurement orientation. It intentionally avoids unsupported certification claims.
Document status: Draft for security/legal reviewLast updated: 2026-02-17Owner: Security + Legal
Security controls are aligned with applicable NIS2/CRA expectations and are implemented through permissioned access, end-to-end encryption, and immutable traceability. This statement is not a certification claim.
Security control baseline
End-to-end encryption
Sensitive flows are protected with encryption controls across transit and approved storage boundaries.
Data-boundary control
Clinical payload storage remains tenant-scoped with no centralized clinical payload repository.
Immutable traceability
Operational events are recorded with append-only traceability to support audit integrity and investigations.
Vulnerability and patch process
Security issues are triaged, prioritized, and tracked through controlled remediation workflows.
Disclosure limitations
- Detailed topology, key-management internals, and sensitive architecture specifics are not publicly disclosed.
- Control implementation detail is shared under procurement and security review channels.
- Regulatory or certification conclusions are not implied unless formally published with evidence.