Doctolib obtains ISO 27001 certification, demonstrating its commitment to information security

Pascal Benard, Doctolib
Nov 17, 2021

Today, we are proud to share with you that Doctolib has been certified “ISO 27001 & HDS” following the certification audit conducted by BSI Group, after just over a year of an intensive and exciting project.

Why?

Our teams are continually working to ensure that we implement the best security practices and that Doctolib’s solutions comply with regulatory requirements for the protection of personal health data.

We all know that ISO 27001 and HDS (“Hébergeur de Données de Santé”, the French health-data hosting certification defined by decree) do not, by themselves, demonstrate a specific level of security. Our hosting providers already hold both certifications. But in 2020 Doctolib decided to pursue them in its own right, in order to reinforce our commitment to being exemplary and transparent on these sensitive topics.

Indeed, ISO 27001 and HDS are a powerful lever for addressing security and privacy issues company-wide, and both are key topics for Doctolib.

This is especially true at Doctolib because every time we have had to face an incident, I’ve seen how the teams concerned, from top management to the Security, Legal, IT Services, Product and Engineering, Marketing, Customer Operations, Data Foundation, Finance and HR teams, have been involved in solving the problem, learning from our mistakes and, whenever possible, reinventing ourselves to improve (tools, product features, processes, policies, organisation, etc.).

How?

Continuous improvement enabled us to:

  • Build a risk management framework, including the development of a dedicated tool, and move to risk-based management
  • Ensure that the implementation of controls is monitored and remains effective over time through continuous (“permanent”) control
  • Establish governance and define KPIs for monitoring and reporting on action plans
  • Define and implement an ambitious awareness programme
  • Raise the level of maturity expected in terms of document management
  • Prove our auditability by collecting evidence that our processes are actually applied
  • And, last but perhaps most important for our business and for us as citizens, comply with the requirements of the HDS decree on the protection of personal health data.

All these topics had to be addressed and audited in order to obtain certification, and we were able to do all this in a fairly short time (compared to what is usually observed), and with a good result, thanks to the fact that continuous improvement is part of the DNA of each Doctoliber. For real.

What?

What changes for customers and patients?

  • No change in the daily management or usage of the service,
  • Certified compliance with the requirements of the HDS decree on the protection of personal health data,
  • Official certification, maintained through recurring audits, by an accredited and internationally recognised certification body (BSI Group),
  • A commitment to service availability on the part of Doctolib.

Certification is a never-ending story because it has to be maintained over time: we will be audited every year (a full recertification audit every three years, with surveillance audits in between), which means this is just the beginning, as you all know. 😉
