Information Security
Policy Statement

Heala is committed to the confidentiality, integrity, and availability of her information assets and shall implement measures through the establishment.

Heala is committed to the continual improvement of her information security to protect the organization’s information assets against all threats.

Heala is also committed to complying with all applicable legal, regulatory, and contractual requirements related to information security in her services and operations.

In accordance with ISO27001, Heala will analyze and understand its information security risks, helping the organization decide what it needs in place to meet its information security objective.

Heala will understand applicable requirements, and in accordance with our risk assessment, we will, as appropriate, implement what is necessary to meet those requirements.

All users and custodians of information assets owned by or entrusted to Heala shall comply with this policy and exercise a duty of care in relation to the storage, processing, and transmission of the organization’s information and information systems.

Our Commitment

● Clearly define ISMS objectives and support them with adequate resources to safeguard sensitive data.

● Upholding the security and privacy of patient information by complying with all applicable legal, regulatory, and industry standards, including ISO 27001:2022.

● Providing comprehensive information security training to all employees to enhance awareness.

● Protecting critical healthcare systems and data to ensure service continuity and minimize disruptions to patient care.

●Implementing a well-rounded risk management framework to proactivelyidentify, assess, and mitigate information security risks, ensuring the resilience ofhealthcare operations.

●Continuously improving and optimizing the ISMS to adapt to emerging threats,regulatory changes, and technological advancements while maintaining ISO27001 certification.

Conclusion

Heala is dedicated to ensuring that all employees are well-informed and trained on information security policies and practices. Policies are made accessible to external parties as necessary and are reviewed periodically to address any changes in regulations, business activities, or other relevant factors.