Security, Regulatory & Compliance

Rock-solid security. FDA Class I. Built for compliance.

Sirona is the only FDA Class I reporter platform in radiology — any platform that analyzes medical images is a regulated medical device, and Sirona is built to that standard. SOC 2 Type II certified for six consecutive years with zero exceptions, and HIPAA-compliant by design. The master reference for every security, regulatory, and compliance capability across the platform.

See Sirona in Action

How Sirona is Different

The only FDA Class I reporter platform in radiology

Analyzing medical images makes a product a regulated medical device — you cannot power a pixel-driven radiology reporting workflow without FDA designation. Sirona holds FDA Class I designation for its reporter platform, developed under a regulated, design-controlled SDLC. No other reporting platform in radiology carries that regulatory oversight.

The complete security & compliance stack

Every certification, control, and safeguard behind Sirona's security posture.

FDA Class I Reporter Platform

Sirona is the only FDA Class I reporter platform in radiology. Analyzing medical images classifies a product as a regulated medical device; Sirona is built and documented to that standard under a design-controlled SDLC.

SOC 2 Type II

Six consecutive years of SOC 2 Type II certification with zero exceptions, validating security, availability, processing integrity, confidentiality, and privacy across all systems.

HIPAA Compliance

End-to-end HIPAA compliance with encryption, audit logging, access controls, and patient authentication. Built to protect PHI in every clinical context.

Security Testing

Routine third-party security testing, vulnerability management, incident response, and continuous security monitoring.

Encryption Standards

AES-256 encryption at rest, TLS 1.3+ in transit. All data classified and encrypted end-to-end. Zero exposure to unencrypted patient data.

International Expansion

International expansion in progress for 2027 — pursuing EU MDR certification and ISO 13485 medical device standards as the foundational pathway for our international deployment across the UK, EU, South Africa, and UAE.

Built for how radiologists actually work

Regulatory posture, security architecture, and compliance framework — engineered to pass the toughest scrutiny year after year.

Regulatory Posture

FDA Class I — the only reporter platform in radiology

Analyzing medical images makes a product a regulated medical device. Sirona holds FDA Class I designation for its reporter platform and develops under a regulated, design-controlled SDLC — rigorous clinical validation, documented safety, and ongoing compliance that competitors cannot claim.

FDA Class I designation for the reporter platform

Regulated, design-controlled software lifecycle

Rigorous clinical validation and documented safety

Quality system spanning development and deployment

Security Architecture

Security built into every layer

Encryption by default (AES-256 at rest, TLS 1.3+ in transit), comprehensive audit logging for every data access event, role-based access controls, and routine security testing. Monitoring and incident response are continuous, not reactive.

AES-256 at rest, TLS 1.3+ in transit

Audit logging for every data access event

Role-based access controls across all systems

Continuous monitoring and incident response

Compliance Framework

Audited annually. Zero exceptions.

SOC 2 Type II audited for six consecutive years with zero exceptions. HIPAA controls validated across all systems. EU MDR and ISO 13485 in progress for international markets in 2027. Architected to pass the toughest regulatory scrutiny — and prove it every year.

SOC 2 Type II — 6 years, zero exceptions

HIPAA validated across all systems

EU MDR and ISO 13485 in progress for 2027

Independent third-party audit firms

International Expansion

International expansion in progress, 2027

Country-specific security posture for EU (GDPR), UK (DPA), and APAC local residency requirements. Sirona Global architecture is designed to enable regional compliance without re-platforming — the same unified system, deployed to meet local law, as international expansion rolls out in 2027.

EU GDPR-aligned data handling and residency

UK Data Protection Act compliance posture

APAC local residency via Sirona Global architecture

EU MDR + ISO 13485 pathway for medical device access

A security posture you can prove

6

consecutive years of SOC 2 Type II

Zero exceptions

AES-256

encryption at rest, TLS 1.3+ in transit

Encrypted end-to-end

FDA Class I

reporter platform designation

The only one in radiology

HIPAA

compliant by design

PHI protected end-to-end

Built for security and compliance leaders

The RadOS architecture fireside — how Sirona is built.

FAQs

What does SOC 2 Type II certification mean?

SOC 2 Type II evaluates a platform across five domains — security, availability, processing integrity, confidentiality, and privacy. Sirona has been independently audited across all five for six consecutive years with zero exceptions. This is continuous validation, not a checkbox.

Is Sirona FDA-regulated?

Yes. Sirona is the only FDA Class I reporter platform in radiology. Analyzing medical images classifies a product as a regulated medical device — you cannot power a pixel-driven radiology reporting workflow without FDA designation. Sirona holds FDA Class I designation and develops under a regulated, design-controlled SDLC.

What encryption does Sirona use?

AES-256 for all data at rest and TLS 1.3+ for all data in transit. All patient data is encrypted end-to-end. We classify data sensitivity and apply encryption standards accordingly. There is no unencrypted patient data anywhere in the platform.

How does Sirona handle HIPAA compliance?

HIPAA is built into every system: role-based access controls, comprehensive audit logging for every access event, patient authentication, and always-on encryption. HIPAA controls are validated as part of SOC 2 Type II. Compliance is a design principle, not a checklist.

What is the security testing process?

Sirona runs a routine third-party security testing program — external security researchers test the platform for vulnerabilities. Results drive vulnerability management, patches, and incident response. Continuous validation, not a one-time audit.

What regulatory certifications is Sirona pursuing for international markets?

Sirona is pursuing EU MDR (Medical Device Regulation) certification as the foundational pathway for our international expansion, with ISO 13485 also in progress. These pathways will unlock market access across the UK, EU, South Africa, and UAE as expansion rolls out in 2027.