Trust Center

Start your security review

View & download sensitive information

Ask for information

Compliance at scale

At Founda Health, trust begins with security. As a platform built to make healthcare data available - securely, compliantly, and at scale - security is not an afterthought; it’s embedded in everything we do. We operate in one of the most sensitive and regulated industries in the world. The confidentiality, integrity, and accessibility of healthcare data are critical not only for compliance but for clinical care, innovation, and collaboration across the health ecosystem. That’s why security is a core principle across the entire Founda Platform:

• From interoperability services to AI and imaging capabilities.
• Across cloud, on-premise, and hybrid deployments.
• Governed by strict certifications and active monitoring, not just policy.

Every solution we deliver is supported by a platform designed to uphold privacy, auditability, and control at every step.

Compliance

Documents

COMPLIANCEC5

COMPLIANCEISO/IEC 27001

COMPLIANCEISO/IEC 27001 SoA

COMPLIANCENEN 7510

COMPLIANCESOC 2 Type 2

SELF-ASSESSMENTSData Security and Protection Toolkit

SELF-ASSESSMENTSEuropean Medical Device Regulation 2017/745

APP SECURITYApplication Penetration Testing

DATA PRIVACYPrivacy Notice, Founda Health Website

NETWORK SECURITYNetwork Penetration Testing

Infrastructure

Amazon Web Services

BC/DR

Capacity Planning & Management

Product Security

Audit Logging

Multi-Factor Authentication

Product Architecture

Network Security

Network Penetration Testing

Virtual Private Cloud

App Security

Responsible Disclosure

Application Penetration Testing

Code Analysis

Data Security

Access Monitoring

Data Backups

Encryption-at-rest

Corporate Security

Asset Management Practices

Incident Response

Internal SSO

Endpoint Security

Anti-Malware

Disk Encryption

Mobile Device Management

Access Control

Internal Single-Sign-On (SSO)

Logging

Password Security

Self-Assessments

European Medical Device Regulation 2017/745

Data Security and Protection Toolkit

Data Privacy

Data Breach Notifications

Data Privacy Officer

AI

AI Governance

ESG

Anti-Bribery and Corruption

Diversity, Equity, and Inclusion

Health & Safety Standards

Legal

Subprocessors

Data Processing Agreement

Master Services Agreement

Policies

Data Classification Policy

Information Security Policy

Risk Assessment/Management Policy

Risk Profile

Third Party DependenceYes

HostingMajor Cloud Provider

BC/DR

Business Continuity Plan (BCP)

Contingency Plan Testing/Lessons Learned

Data Backup/Backup Protection

Incident Response

Incident Reporting Process

Change Management

Change Management Program

Separation of Duties

Risk Management

Risk Assessments

Asset Management

Asset Inventories (Hardware/Software)

Asset Tracking

Physical & Environment

Alarms & Surveillance

Facility Component Security

Fire Protection

Continuous Monitoring

Automated Compliance Monitoring

Training

Security Awareness Training

Social Engineering Training

Subprocessors

Knowledge Base (FAQ)

Does Founda have an Information Security Policy?
Does Founda have an internal procedure for handling Information security incidents?
Does Founda adhere to the requirements of GDPR and HIPAA?
If there was a disaster with Founda Health Systems, how does Founda restore itself?
Does Founda conduct periodic penetration tests?

Trust Center Updates

External Security Assessment

Copy link

Vulnerabilities

Update: Annual Security Assessment Completed
At Founda Health, we believe that data availability is only possible when built on a foundation of continuous trust and rigorous security. To ensure our platform remains resilient against evolving threats, we have successfully completed our annual independent security assessment.

This year’s assessment was conducted by external security specialists and included:

Vulnerability Assessment and Penetration Testing (VAPT): A comprehensive evaluation of our web applications to identify and remediate potential risks.

Cloud Configuration Review: An audit of our cloud infrastructure to ensure alignment with security best practices and hardened environments.

External Network Penetration Test: A rigorous test of our network perimeter to validate our defenses against unauthorized access.

Improving our security posture
These independent evaluations are a core part of our "Secure by Design" principle. By proactively identifying gaps and implementing remediations, we ensure that the Founda Health platform continues to provide a secure environment for healthcare data exchange across all deployment models.

Access the reports
The detailed findings and summary reports from this assessment are now available for review.

Existing Trust Center users: You can request access directly through the portal.

New visitors: Access is available upon the execution of a Non-Disclosure Agreement

If you need help using this Trust Center, please contact us.

Contact support