Trust Center

Start your security review
View & download sensitive information
Ask for information
ControlK

Compliance at scale

At Founda Health, trust begins with security. As a platform built to make healthcare data available - securely, compliantly, and at scale - security is not an afterthought; it’s embedded in everything we do. We operate in one of the most sensitive and regulated industries in the world. The confidentiality, integrity, and accessibility of healthcare data are critical not only for compliance but for clinical care, innovation, and collaboration across the health ecosystem. That’s why security is a core principle across the entire Founda Platform:

• From interoperability services to AI and imaging capabilities.
• Across cloud, on-premise, and hybrid deployments.
• Governed by strict certifications and active monitoring, not just policy.

Every solution we deliver is supported by a platform designed to uphold privacy, auditability, and control at every step.

Compliance

C5 Logo
C5
SOC 2 Type 2 Logo
SOC 2 Type 2
HIPAA Logo
HIPAA
GDPR Logo
GDPR
ISO/IEC 27001 Logo
ISO/IEC 27001
ISO/IEC 27017 Logo
ISO/IEC 27017
ISO/IEC 27018 Logo
ISO/IEC 27018
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
NEN 7510 Logo
NEN 7510

Documents

COMPLIANCEC5
COMPLIANCEISO/IEC 27001
COMPLIANCEISO/IEC 27001 SoA
COMPLIANCENEN 7510
COMPLIANCESOC 2 Type 2
SELF-ASSESSMENTSData Security and Protection Toolkit
SELF-ASSESSMENTSEuropean Medical Device Regulation 2017/745
APP SECURITYApplication Penetration Testing
DATA PRIVACYPrivacy Notice, Founda Health Website
NETWORK SECURITYNetwork Penetration Testing

Infrastructure

Amazon Web Services
BC/DR
Capacity Planning & Management
View more

Product Security

Audit Logging
Multi-Factor Authentication
Product Architecture
View more

Network Security

Network Penetration Testing
Virtual Private Cloud

App Security

Responsible Disclosure
Application Penetration Testing
Code Analysis
View more

Data Security

Access Monitoring
Data Backups
Encryption-at-rest
View more

Corporate Security

Asset Management Practices
Incident Response
Internal SSO
View more

Endpoint Security

Anti-Malware
Disk Encryption
Mobile Device Management
View more

Access Control

Internal Single-Sign-On (SSO)
Logging
Password Security

Self-Assessments

European Medical Device Regulation 2017/745
Data Security and Protection Toolkit

Data Privacy

Cookies
Data Breach Notifications
Data Privacy Officer
View more

AI

AI Governance

ESG

Anti-Bribery and Corruption
Diversity, Equity, and Inclusion
Health & Safety Standards

Legal

SubprocessorsIntermax-company-logoAmazon Web Services (AWS)-company-logoZendesk-company-logo
Data Processing Agreement
Master Services Agreement
View more

Policies

Data Classification Policy
Information Security Policy
Risk Assessment/Management Policy

Risk Profile

Third Party DependenceYes
HostingMajor Cloud Provider

BC/DR

Business Continuity Plan (BCP)
Contingency Plan Testing/Lessons Learned
Data Backup/Backup Protection
View more

Incident Response

Incident Reporting Process

Change Management

Change Management Program
Separation of Duties

Risk Management

Risk Assessments

Asset Management

Asset Inventories (Hardware/Software)
Asset Tracking

Physical & Environment

Alarms & Surveillance
Facility Component Security
Fire Protection
View more

Continuous Monitoring

Automated Compliance Monitoring

Training

Security Awareness Training
Social Engineering Training

Subprocessors

Knowledge Base (FAQ)
  • Does Founda have an Information Security Policy?
  • Does Founda have an internal procedure for handling Information security incidents?
  • Does Founda adhere to the requirements of GDPR and HIPAA?
  • If there was a disaster with Founda Health Systems, how does Founda restore itself?
  • Does Founda conduct periodic penetration tests?
View more
If you need help using this Trust Center, please contact us.
Contact support