Arterys is committed to protecting patient and customer information. Our products and services are designed and developed with security as a high priority, and the security certifications we’ve obtained and our conformance to various standards and regulations attest to this commitment.

Arterys by numbers

ISO 27001 Certification
ISO 27001 Information Security certified
15+ Conformance
15+ conformance to standards/ regulations in security, privacy, and medical devices
SOC 2 Certified
SOC 2 certified
FDA Clearances
8 US FDA 510(k) clearances
100+ deployments across USA and Europe
100+ countries cleared for sale

Security in the cloud:

Protecting Customers’ Data with Industry Leading Security


The cloud is essential to the Arterys MICA platform. With AWS and a shared responsibility model, we are able to provide our users with on-the-go access to patient data, automatic changes and updates, high availability, disaster recovery, 24/7 monitoring and support, and a robust and redundant infrastructure that ensures patient data can always be securely housed and accessed.

Arterys' processes and products 
have received external certification to:

Medical Device Standards
Medical Device Standards

ISO 13485 Medical Device Quality Management Systems Medical Device Single Audit Program (MDSAP) certification, including the regulations for the US, Canada, and Brazil

Country-Specific Medical Device  Clearances
Country-Specific Medical Device Clearances

US FDA 510(k) device clearance - 8 in total

EU CE certificate for Medical Device Directive (MDD) Full Quality Assurance, which also covers the UK

Health Canada medical device license

Other countries, including Israel, Saudi Arabia, Singapore, Hong Kong, and Brazil

Commercially available in over 100 countries
Commercially Available in Over 100 Countries
Security Standards
Security Standards

ISO/IEC 27001 Information Security Management Systems

France ASN HDS (HDH - Health Data Host) certification reference system, including all 6 levels/activities


Ellipse 7


Arterys has completed self-assessments and claims conformance to many other standards and regulations, including:

Security Standards

ISO/IEC 27017 Cloud-specific security controls

ISO/IEC 27018 Protection of personal data in the cloud

UK NHS data security standards (National Data Guardian), as per the NHS Data Security and Protection (DSP) Toolkit




Medical Device Standards
Medical Device

EC 62304 Medical device software lifecycle

IEC 14971 and AAMI TIR57 Medical device risk management

IEC 62366-1 Application of Usability Engineering to Medical Devices

IEC 82304-1 Health software product safety and security requirement

IMDRF/GHTF - Various guidances, including for Software as a Medical Device (SaMD)Various guidances published by each of the countries that we are cleared to market in, such as the US, Canada

Arterys claims conformance to 
various privacy and data protection regulation:

EU General Data Protection Regulation (GDPR)

USA HIPAA Privacy and Security Rules for health data

Canada Personal Information Protection and Electronic Documents Act (PIPEDA)

California Consumer Privacy Act (CCPA)

DICOM data is de-identified according to the basic NEMA application confidentiality profile. The remaining DICOM data is then sent to regional servers, ensuring that data acquired in the US never leaves the US and data acquired in Europe never leaves the European Union