Assurance and conformity offering confidence for your industry

We work with countries, governments, industry bodies and sector specific alliances to ensure we meet the necessary standards and required accreditations. Privacy and security are part of our core offer and we are highly aware of the sensitivity surrounding data standards, regulations, and usage.

Accreditations and certifications

placeholder image

ISO 27001:2017 – ISO 27001:2013 audited and certified

Accredited to meet these ISO standards relating to: the development and provision of a Personal Data Management Platform, and ongoing support that allows consumers worldwide to privately and securely share personal data.

placeholder image

NEN 7510 - audited and certified

This Dutch healthcare standard for information security is based on ISO 27001:2013 and the NEN 7510 meets an additional three new health data specific criteria.

placeholder image

Medmij - audited and certified

MedMij standard enables Dutch citizens to gain control over their healthcare data, via personal healthcare systems. Certified service providers must also hold a NEN 7510 accreditation.

placeholder image

Cyber Essentials - Audited and certified

National Cyber Security Centre provides Government-backed certifications to organisations that have demonstrated the required protection levels against common online threats.

Health country level entry’s core medical data model and ontology is based on HL7 FHIR, with connectivity support for a range of systems and standards including oAuth and SAML authentication, and RESTful and SOAP interfaces as well as being configurable to propitiatory and bespoke systems.


England - NHS GPSoC

Status: Reviewed and approved


USA - Epic / Cerner

Status: Reviewed and approved


Netherlands - Medmij

Status: Audited and certified



Status: Audited and approved

Technology operational standards

placeholder image

Our technology is designed to offer the high service levels and best in class security to ensure our services are always available and meet the standards required for the accreditations we meet.

Multiple types and firewall layers to ensure we are not vulnerable to zero day attacks

Production systems follow a principle of least privilege access and all work is time stamped and logged

Only access is given to those who use it

Systems run in a containerised environment and are automatically distributed

Continuous deployments are made in a development environment and automatically tested

Code dependencies are locked and scanned daily against vulnerabilities

For detailed information on our techniques in data privacy in read our Executive Security Briefing.

MyData Operators status 2020 is proudly awarded the MyData Operators status 2020.