Requirements related to your hosting environment and infrastructure.
What you need to design, implement, and document to ensure compliance.
Documentation, policies, privacy risk assessments and legal tasks.
In terms of legal responsibility, Chino.io gives you much more than a classical Cloud provider since it covers also technical requirements, such as your health sensitive data storage and protection.
Keep in mind also that with Chino.io you can achieve application (or record) level encryption, where an attacker can't access to your health data if he violates your Applications.
Each API call uses HTTPS/TLS to protect data transfers, while all documents at rest are encrypted using AES-256. Each user has different encryption keys, stored on different locations.
Flexible and granular access control policies can be setup via the API to define access rights for single users or groups of users to single documents or collections of documents.
Daily incremental backups of all data. Backups are encrypted using AES-256 algorithms and transferred to a different physical location.
Control who accesses your data, when it was accessed, and from where. Logs are legally valid and non-modifiable.
We provide one-per-customer physical server (or more) at your service. We provide only the state of the art in terms of security and power.
Constant (24/07) security monitoring of API behavior, attacks, and any anomaly in the system. Technology partially developed also in the C3ISP EU innovation project.
The ISO 13485 is the de facto mechanism to demonstrate compliance to regulations such as the new EU Medical Device Regulation (MDR), that came into force in May 2017. Chino.io certification saves your time and money providing you all necessary guarantees that are required for building your medical grade applications. If your suppliers are not ISO 13485 certified, then you must put in place necessary procedures, tests, monitoring activities, and documentation to demonstrate their compliance, before going to the market. Download the certificate here.
The Chino.io ISO 9001 certification means that Chino.io established, maintains and improves constantly the organizational structure, responsibilities, procedures, processes, and resources to consistently satisfy ISO 9001 quality requirements. ISO 9001 is a necessary certificate for all service providers in the medical context where end products (medical devices or software) must be ISO 13485 certified. Download the certificate here.
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Chino.io implements all controls and constantly improves its Security Management System, exceeding the requirements and keeping its services always at state of the art level in terms of security best practices. Download the certificate here.
We can help you understand better what we offer and how it can be integrated into your solution, without commitment