ISO 27001 Certification: Parsek implements new measures for safeguarding patient data and protecting sensitive information

February 15, 2023

Numerous parties in multiple locations actively process sensitive patient data as the healthcare industry increasingly relies on digital tools to manage the care continuum. This is why it is becoming increasingly important to maintain data intact and confidential for those who require it.

Having a few proactive individuals and depending on impromptu actions to build and defend the integrity and availability of IT systems is insufficient. A holistic approach with clear duties, responsibilities, and protocols must be constructed on top of a good training program.

In the past, Parsek has fostered a strong quality-first culture in which security and privacy were treated as first-class citizens. We were encouraged in the last years, while being independently audited for quality management systems (ISO 9010 and ISO 13485), to formalize our long-term commitment to IT security and privacy by becoming ISO 27001 certified. Auditors noted that our IEC 62304 and IHE-compliant medical software development lifecycle has a high level of compliance with ISO 27001.

We have opted to demonstrate our excellence since this will help to increase trust with patients and stakeholders. We are glad to announce that auditors reviewed all of our facilities and determined that our Information Security Management System met ISO 27001 requirements.

At Parsek, we understand that achieving ISO 27001 certification is not the final step in securing patient-sensitive, personal and other confidential data. Management is committed to continuously improving our information security protocols and staying ahead of malicious individuals who may attempt to breach the systems we design.

The adoption of the measures outlined above marks a noteworthy milestone in Openline Group’s strategic objective to establish industry-leading cloud security standards and implement zero-trust security protocols. The latter involves rejecting the assumption that all internal network traffic is secure and, instead, adopting the principle that any traffic could potentially pose a threat until authenticated. This approach involves implementing multiple layers of security measures that prioritize preventing unauthorized access and responding promptly and effectively to any security incidents that may arise.