ISMS Overview
Information Security Management System documentation for MEDrecord and HealthTalk.
Purpose
The ISMS ensures the confidentiality, integrity, and availability of information assets through systematic management of security risks.
Scope
The ISMS covers:
- HealthTalk platform and infrastructure
- MEDrecord organizational processes
- Third-party services and integrations
- Personnel and physical security
Framework
Our ISMS is based on:
- ISO 27001:2022 - Information Security Management
- NEN 7510:2017 - Healthcare Information Security
- ISO 13485:2016 - Medical Device Quality Management
ISMS Components
| Component | Description |
|---|---|
| Policies | Security policies and standards |
| Procedures | Operational procedures |
| Risk Management | Risk assessment and treatment |
| Incident Response | Security incident handling |
| Access Control | Identity and access management |
Leadership
- Information Security Officer (ISO) - Overall ISMS responsibility
- Data Protection Officer (DPO) - Privacy and data protection
- Quality Manager - QMS alignment
Continuous Improvement
The ISMS follows PDCA (Plan-Do-Check-Act):
- Plan - Establish objectives and processes
- Do - Implement and operate the ISMS
- Check - Monitor and review performance
- Act - Take corrective and preventive actions
Contact
For security questions: security@medrecord.nl