About ISO 27001 Certification
Transparent Communication
AIAgens does not currently hold ISO 27001 certification. However, our infrastructure is hosted in ISO 27001 certified data centers, our processes are aligned with the ISO 27001:2022 framework, and our technology providers are SOC 2 Type II certified, which offers equivalent or greater assurance.
What We Have
- ISO 27001 aligned policies
- SOC 2 Type II certified infrastructure
- GDPR & Swiss FADP compliance
- EU Data Residency
- Data Processing Agreement
Legal Basis
- Swiss FADP does not require ISO 27001
- Requires "adequate technical measures"
- SOC 2 provides equivalent assurance
- Art. 321 CP auxiliary compliance
Zero Data Retention Architecture
The most secure data is data that is never stored
No Call Recording
Voice conversations are never recorded or stored
Real-Time Processing
Voice data processed in-memory and immediately discarded
Appointments Only
Only scheduling data stored (date, time, name)
No Medical Data Processing
Our AI receptionist handles scheduling only. It does not access patient records, diagnoses, or any clinical information.
Swiss Legal Framework
| Regulation | Requirement | Status |
|---|---|---|
| nLPD/FADP | Adequate technical and organizational measures | Compliant |
| Art. 321 CP | Professional secrecy for healthcare auxiliaries | Compliant |
| GDPR | EU data protection regulation | Compliant |
| Swiss-US DPF | Data Privacy Framework certification | Certified |
Art. 321 CP - Auxiliary Status
Under Swiss criminal law, IT service providers are recognized as "auxiliaries" of healthcare professionals. This means we are bound by the same professional secrecy obligations as your staff, with criminal penalties for violations.
Technical Security Measures
Enterprise-grade protection
Encryption
TLS 1.3 in transit, AES-256 at rest
EU Data Center
ISO 27001 certified infrastructure in Frankfurt
Access Control
Role-based access, need-to-know principle
24/7 Monitoring
Real-time threat detection and alerting
Audit Trails
Immutable logs of all system access
Daily Backups
Encrypted backups with 30-day retention
Contractual Commitments
What we offer in writing
Data Processing Agreement
GDPR Art. 28 compliant DPA with standard contractual clauses
Confidentiality Clauses
Art. 321 CP aligned confidentiality obligations
Breach Notification
24-hour notification commitment for any security incidents
Data Deletion
Guaranteed data erasure upon contract termination
Questions?
Our team is ready to respond to your specific security needs