Medullan Attains Renewed ISO 27001/27018 Certification

BOSTON - April 28, 2020 - PRLog -- Medullan, a digital medicine / digital health innovation firm serving the life sciences, payer, provider and other health service/technology industries, announced today that it has been recertified as an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Organization for Standardization (ISO). This scope of accreditation covers all Medullan's offices and the full breadth of its offerings – digital medicine/health innovation consulting, software development services, and the VARA™ platform software solutions.

Compliance with this internationally recognized standard confirms that Medullan's security management program is comprehensive and follows leading practices. This ISO certification ensures a systematic approach to managing sensitive company, client, and individual information and related IT assets, while also helping ensure compliance with privacy laws and regulations around the world. This is intended in part to provide more assurance to clients in both the US (namely pertaining to HIPAA) and the European Union (as well as its member states such as Germany and France).

"Obtaining ISO/IEC 27001:2013 certification is a clear indication to our customers and prospects that Medullan continues to commit to the highest level of information security," said Founder and CEO Ahmed Albaiti. "Medullan's information security management system ensures we're preserving privacy and confidentiality, and that we're constantly working to improve information security controls. It's a key component of our approach to Responsible Innovation where we manage risks, ensure compliance, and help our clients establish appropriate governance of their Digital Medicine and Digital Health programs."

ISO/IEC 27001:2013 is an information security management system standard published in October 2013 by the International Organization for Standardization and the International Electrotechnical Commission.

ISO/IEC 27018:2019 is a Code of Practice for the protection of Personally Identifiable Information (PII) in Public Clouds and provides implementation guidelines for controls based on ISO/IEC 27002.

A-LIGN, an independent, third-party auditor, found Medullan to have technical controls in place and formalized IT Security policies and procedures. A-LIGN is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board to perform ISMS 27001 certifications.

Medullan has implemented security measures and countermeasures that protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices.

In addition to its ISO/IEC 27001:2013 certification, Medullan attained HITRUST certification in 2018, and is currently performing work for HITRUST recertification.

Medullan Inc. was founded in 2005 and is a leading digital medicine and digital health firm that assists clients in formulating a digital portfolio strategy, developing product-specific digital strategies, UX research and design, technology architecture and enablement, outcomes design & measurement, commercialization and collaboration, and Governance Risk & Compliance frameworks to support responsible innovation.