Trust center

Security, privacy, and compliance — held to account.

Medibrix handles sensitive health data on behalf of clinics, pharmacies, and chains across Europe. We hold ourselves to the standards that responsibility demands — and document them here.

Security

Built to protect patient data.

Built for healthcare — and compliant with its information-security standards. Certified and audited.

CE-approved

Medibrix is CE-marked in accordance with applicable medical-device requirements.

ISO 27001 certified

Information security management system certified to ISO 27001.

GDPR compliance

Data processing agreements, data-subject rights, and documented legal basis for every flow.

Health data handling

Patient information is handled with strict confidentiality and role-based access control.

Operational reliability

Backups, business continuity, and incident response are part of how the platform runs every day.

How we work

The practices behind the badges.

Certifications are a baseline. Here is what we actually do, day to day, to keep patient data safe.

Information security

Medibrix is built on a zero-trust architecture. All data is encrypted in transit and at rest, access is role-based and logged, and our infrastructure is monitored continuously. We follow the Norwegian Code of Conduct for information security and data protection in the healthcare sector (Normen).

ISO 27001 certified

Our information security management system is certified to ISO/IEC 27001 and audited annually by an independent third party. Certification covers the development and operation of the Medibrix platform.

Sub-processors & data location

Patient data is stored encrypted within the EU/EEA. We maintain data processing agreements with every sub-processor, and where any processing involves a third country it is governed by the EU Standard Contractual Clauses.

Continuous security testing

The platform undergoes continuous external security testing, including regular penetration tests by independent specialists. Findings are tracked and remediated through our security management process.

Audit log & access control

Every change and every access to patient data is recorded in a full audit log. Access is granted on a least-privilege basis and reviewed regularly.

Reliability & continuity

Automated backups, business continuity planning, and a documented incident-response process keep the platform available and recoverable.

Security questions?

Talk to our security team.

For security reviews, due-diligence questionnaires, or to report a vulnerability, reach our team directly.