Tiro.health trust center

Your trust is our priority. Discover how we protect your data, maintain compliance, and ensure security in healthcare data capture.

At Tiro.health, we uphold a comprehensive security & privacy program that aligns with industry best practices to support the needs of our customers. This makes Tiro.health a trusted choice for those with compliance requirements, including GDPR and ISO27001.

ISO27001 certified
GDPR compliant
FHIR conformant

ISO27001

Tiro.health is certified as ISO27001 compliant, following an external audit. Our complete statement of applicability is available for viewing by any interested party upon request. All ISO27001 controls are applicable and implemented in our ISMS. A short summary:

🔒 Confidentiality

Protecting your data from unauthorized access and disclosure.

Encryption policy

All sensitive data is encrypted both at rest and in transit using industry standards.

Access control

Role-based access controls ensure only authorized users can access specific data.

Data retention and disposal policy

We only retain data necessary for utilizing our services, for the required duration, in EU-based data centers.

Data classification policy

Data is labeled and handled according to its sensitivity level.

Privacy policy

Outlines how we collect, use, and protect personal data in compliance with GDPR.

🛡️ Integrity

Ensuring accuracy, consistency, and trustworthiness of your data.

Change management policy

All system changes follow structured review, approval, and testing processes.

Segregation of environments

Production, staging, and development environments are fully separated.

Secure development policy

Secure coding practices are embedded into the software development lifecycle.

Information security policy

Sets out our overall approach and controls for managing information security.

Roles and responsibilities

Clearly defined responsibilities ensure accountability for data and system integrity.

🟢 Availability

Ensuring reliable and timely access to systems and your data.

Automated backup process

Regular automated backups are taken and securely stored.

Business continuity and disaster recovery policy

Plans are in place to restore service and data quickly in case of disruptions.

Incident response plan

Enables prompt detection, response, and recovery from security incidents.

Automated alerting for security events

Real-time monitoring and alerts detect unusual or malicious activity.

🚧 Risk & vulnerability assessment

Identifying, evaluating, and mitigating potential threats to systems and data.

Supplier risk policy

Evaluates and manages risks associated with third-party service providers.

Risk register

Central log of identified risks, assessments, and mitigation actions.

Treatment policy

Outlines how we respond to and reduce identified risks.

Vulnerability and patch management policy

Regular scanning and patching of systems to address vulnerabilities.

Third-party penetration test

Independent security experts conduct annual penetration testing.

Network security policy

Controls in place to protect against internal and external network threats.

🏢 Organizational management

Establishing policies, roles, and responsibilities to support information security.

Information security policy

Governs how we protect information across the organization.

Acceptable use policy

Defines proper use of company systems and data by employees.

Access management & identity control

Strong authentication and identity verification practices.

Incident management & business continuity

Structured processes for responding to incidents and maintaining operations.

Supplier & cloud security

Ensures cloud providers and partners meet our security requirements.

Security awareness & training

Employees and new hires are regularly trained on security best practices and compliance standards.

Security FAQ

For any questions relating to security or privacy, please email security@tiro.health

Streamline your clinical documentation with secure structured data

Experience the peace of mind that comes with ISO 27001 certified data security while improving clinical efficiency.


“A huge time-saver”

Thanks to Tiro.health's dashboards, doctors from 14 different hospitals can track their quality indicators for inguinal hernia surgery online

Prof. Dr. Miserez
abdominal surgeon at UZ Leuven

“A huge time-saver”

Tiro.health proved to be a reliable partner for our hospital's data strategy

Nicky Vandervekens
Data scientist at AZ Maria Middelares

“A huge time-saver”

Thanks to Atticus from Tiro.health, all Belgian vascular surgeons can participate in our registry, regardless of their EHR. Without additional administrative burden.

Prof. Dr. Fourneau
Vascular surgeon at UZ Leuven

“A huge time-saver”

Tiro.health has been a reliable partner since the beginning, supporting our clinical working groups with real-time insights into care quality

Prof. Dr. De Ridder
Director of quality at UZ Leuven