Security, Privacy and Regulatory
Arterys is committed to protecting patient and customer information. Our products and services are designed and developed with security as a high priority, and the security certifications we’ve obtained and our conformance to various standards and regulations attest to this commitment.
Arterys by numbers
Security in the cloud:
Protecting Customers’ Data with Industry Leading Security
The cloud is essential to the Arterys MICA platform. With AWS and a shared responsibility model, we are able to provide our users with on-the-go access to patient data, automatic changes and updates, high availability, disaster recovery, 24/7 monitoring and support, and a robust and redundant infrastructure that ensures patient data can always be securely housed and accessed.
Arterys' processes and products have received external certification to:
ISO 13485 Medical Device Quality Management Systems
Medical Device Single Audit Program (MDSAP) certification, including the regulations for the US, Canada, and Brazil
US FDA 510(k) device clearance - 8 in total
EU CE certificate for Medical Device Directive (MDD) Full Quality Assurance, which also covers the UK
Health Canada medical device license
Other countries, including Israel, Saudi Arabia, Singapore, Hong Kong, and Brazil
ISO/IEC 27001 Information Security Management Systems
France ASN HDS (HDH - Health Data Host) certification reference system, including all 6 levels/activities
Arterys has completed self-assessments and claims conformance to many other standards and regulations, including:
ISO/IEC 27017 Cloud-specific security controls
ISO/IEC 27018 Protection of personal data in the cloud
UK NHS data security standards (National Data Guardian), as per the NHS Data Security and Protection (DSP) Toolkit

IEC 62304 Medical device software lifecycle
IEC 14971 and AAMI TIR57 Medical device risk management
IEC 62366-1 Application of Usability Engineering to Medical Devices
IEC 82304-1 Health software product safety and security requirement
IMDRF/GHTF - Various guidances, including for Software as a Medical Device (SaMD)
Various guidances published by each of the countries that we are cleared to market in, such as the US, Canada
Arterys claims conformance to various privacy and data protection regulations:
EU General Data Protection Regulation (GDPR)
USA HIPAA Privacy and Security Rules for health data
Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
California Consumer Privacy Act (CCPA)
DICOM data is de-identified according to the basic NEMA application confidentiality profile. The remaining DICOM data is then sent to regional servers, ensuring that data acquired in the US never leaves the US and data acquired in Europe never leaves the European Union.
