On ISO 27001 Certification
Transparent Disclosure
AIAgens is currently not ISO 27001 certified. However, our infrastructure is hosted in ISO 27001 certified data centres, our processes are aligned with the ISO 27001:2022 framework, and our technology providers are SOC 2 Type II certified, which provides equivalent or higher security guarantees.
What We Have
- ISO 27001 aligned policies
- SOC 2 Type II certified infrastructure
- GDPR & Swiss FADP compliance
- EU Data Residency
- Data Processing Agreement
Legal Basis
- Swiss FADP does not require ISO 27001
- Requires "adequate technical measures"
- SOC 2 provides equivalent assurance
- Art. 321 CP auxiliary compliance
Zero Data Retention Architecture
The most secure data is data that is never stored
No Call Recording
Voice conversations are never recorded or stored
Real-Time Processing
Voice data processed in-memory and immediately discarded
Appointments Only
Only scheduling data stored (date, time, name)
No Medical Data Processing
Our AI receptionist handles scheduling only. It does not access patient records, diagnoses, or any clinical information.
Swiss Legal Framework
| Regulation | Requirement | Status |
|---|---|---|
| nLPD/FADP | Adequate technical and organizational measures | Compliant |
| Art. 321 CP | Professional secrecy for healthcare auxiliaries | Compliant |
| GDPR | EU data protection regulation | Compliant |
| Swiss-US DPF | Data Privacy Framework certification | Certified |
Art. 321 CP - Auxiliary Status
Under Swiss criminal law, IT service providers are recognized as "auxiliaries" of healthcare professionals. This means we are bound by the same professional secrecy obligations as your staff, with criminal penalties for violations.
Technical Security Measures
Enterprise-Grade Protection
Encryption
TLS 1.3 in transit, AES-256 at rest
EU Data Center
ISO 27001 certified infrastructure in Frankfurt
Access Control
Role-based access, need-to-know principle
24/7 Monitoring
Real-time threat detection and alerting
Audit Trails
Immutable logs of all system access
Daily Backups
Encrypted backups with 30-day retention
Contractual Assurances
What we guarantee in writing
Data Processing Agreement
GDPR Art. 28 compliant DPA with standard contractual clauses
Confidentiality Clauses
Art. 321 CP aligned confidentiality obligations
Breach Notification
24-hour notification commitment for any security incidents
Data Deletion
Guaranteed data erasure upon contract termination
Questions?
Our team is ready to discuss your specific security requirements