At Kor, data security isn't just a marketing promise; it's a non-negotiable condition of our mission to support companies and their employees in a proactive health approach, within a framework of complete trust. That's why we are proud to announce that Kor is now ISO/IEC 27001 and HDS certified – two of the highest standards in cybersecurity and health data protection.
But what exactly does ISO 27001 mean? And why do we go beyond simply hosting with an HDS-certified provider?
🛡️ ISO 27001: The Assurance of Rigorous, Controlled, and Verified Security Measures
The ISO/IEC 27001 standard is the international benchmark for information security management. It is based on a structured, documented, and verifiable system, which Kor has implemented across all its health assessment activities.
Specifically, this means that security isn't based on good intentions, but on a formal Information Security Management System (ISMS) integrated into our daily operations. Every identified risk is subject to documented treatment, policies and procedures govern all critical dimensions – from data access to software development – and responsibilities are clearly defined. All our employees receive training on these requirements upon arrival and annually thereafter.
The robustness of this environment is verified by independent external audits, conducted by accredited auditors. These evaluations are supplemented by annual surveillance audits, which ensure continuous updates and adherence to requirements. We further enhance this system with regular internal audits.
Technically, these principles translate into concrete security measures: systematic data encryption, centralized supervision, strong authentication, regular external penetration tests, and logging of all actions.
ISO 27001 is not a one-time label; it's a daily operational framework that structures our long-term ability to protect health data.
🔒 HDS-certified host? That's no longer enough.
Historically, hosting data with an HDS-certified provider was considered sufficient, but that's no longer the case. With the HDS v2 framework coming into effect, the French Digital Health Agency (ANS) clarifies responsibilities between the different hosting layers.
Two certification scopes are now defined:
- Physical Infrastructure Provider, for data centers (such as OVH, AWS, Google Cloud, etc.);
- Managed Hosting Provider, for software and operational layers.
This second scope – often overlooked – directly concerns digital health service providers and covers platform administration under real-world service operating conditions. In other words, many potential security vulnerabilities do not stem from the infrastructure (cloud or “on-prem”) but from how the platform is operated: access management, software configurations, supervision, development practices...
That's why Kor chose to obtain its own HDS certification as a managed service provider. This ensures that security is guaranteed up to the application level, and not solely by our cloud provider. An additional layer of responsibility, now essential for end-to-end protection of health data.
🚀 Dual certification fostering trust
This dual ISO 27001 and HDS recognition demonstrates our commitment to not just meeting the essentials, but aiming for excellence in security. For our clients and users, it's an additional guarantee that health data is handled with rigor, transparency, and responsibility. Because in healthcare, trust isn't decreed. It's built, with evidence to back it up.
