Enterprise Security

Security Due Diligence Pack

Material pack for procurement and security teams during vendor review.

Dorsum Trust Pack

Summary material for procurement, legal, and security reviewers assessing privacy, governance, and operational controls.

Security program aligned to HIPAA safeguards and ISO 27001 governance principles.
Assigned ownership for risk, privacy, incident response, and change management.
Documented policy set for access management, retention, and secure development.

Encryption in transit and at rest for protected clinical and operational data paths.
Role-based access controls with auditability for sensitive support and admin actions.
Controlled data retention lifecycle with deletion mechanisms and policy enforcement.

Formal incident management process with customer communication pathways.
Operational monitoring, alerting, and defined escalation ownership.
Business continuity and service resilience controls reviewed through governance cadence.

Current security and privacy policy summaries

Subprocessor transparency and contractual privacy terms

Access control model and audit logging overview

Retention and deletion policy statement

Incident response and escalation process summary

Data collection is scoped to clinical workflow delivery, support operations, and reliability requirements under contractual and legal obligations.

Access is restricted by role and recorded through auditable control points for privileged operations and sensitive support pathways.