Oodrive Acquires Indispensable Health Data Hosting Certification

News 10.27.2020 2min Last update : 11.01.2020

Cementing its position as a trusted partner for the healthcare sector

With this new certification, Oodrive will be able to meet the challenges posed by sensitive data protection and security in the healthcare sector. Oodrive, a specialist in SaaS-based software solutions, now offers a trustworthy environment adapted to the healthcare sector, as well as to any party required to handle health data (banks, insurance companies, etc.).

Thanks to the HDS certification, Oodrive’s partners will be able to guarantee their clients that their sensitive and personal health data is appropriately protected.

“Obtaining the HDS certification is an important step in Oodrive’s development, in part because it allows us to expand into the healthcare sector, but also because it is a testimony to the strength and reliability of our services. This is our way of proving to all of our clients who work with sensitive data that we respect the security requirements of such critically important information,” commented François-Xavier Vincent, Chief Information Security Officer at Oodrive.

The scope of HDS certification

Since April 1st, 2018, in order to protect the rights of every person, personal health data must be hosted by a provider certified by a certifying body, which, in turn, must be accredited by COFRAC to conduct audits of HDS certification.

The certifying body carries out a two-step audit to evaluate the host’s compliance with requirements of the certification standards: it includes a documentation audit and an on-site audit.

The audit verifies compliance with the ISO 27001 regulations (related to security management systems), the ISO 20000 regulations (IT services management systems), and the ISO 27018 regulations (personal data protection), as well as other points related to hosting health data.

The certification is valid for a period of three years and requires an annual surveillance audit by the certifying body.

From a technical point of view, Oodrive already offered its users a level of data protection that met these standards. Obtaining the certificate therefore did not necessitate any major changes, only an update of its contracts and some procedures.

Oodrive’s acquisition of the HDS certificate demonstrates once again that its clients are at the core of its business.