
Managed Security
One security posture. Every partner. All your data.
Because your data lives in Sirona's unified cloud, Sirona can manage the security process on your behalf. We handle the integration reviews, the compliance questionnaires, and the security negotiations directly with the health systems you want to partner with — so small practices can partner with organizations they never could before, and large systems consolidate dozens of vendor reviews into one protocol.
How Sirona is Different
Sign contracts you couldn't sign before
A private practice approaches a large health system about a new imaging contract. The conversation goes well — then the security questionnaire arrives. 400 questions about encryption, incident response, data residency, BAA scope, disaster recovery, SOC controls. Most small practices can't answer half of them and lose the deal. With Sirona as the data platform, that entire review shifts to us. We respond to the questionnaire, negotiate the BAA, handle the integration review, and demonstrate the security posture. Practices who couldn't qualify for enterprise contracts on their own qualify through Sirona. The platform becomes your security team.
Security managed end-to-end
Certifications, encryption, integration handling, monitoring, incident response, and audit support — all owned by Sirona, all inherited by every customer.
Active SOC 2 Program
An active SOC 2 control program and HIPAA-aligned posture every customer inherits — a partner's security review runs against Sirona's platform posture, not gaps you have to remediate before a contract closes.
HIPAA BAA Included
HIPAA-compliant by default with a Business Associate Agreement on every contract. The BAA covers every Sirona application and every data flow through the platform.
AES-256 Encryption
AES-256 encryption at rest. TLS 1.3 in transit. Key management handled by AWS KMS with customer-managed key options for customers who require them.
Integration Reviews Handled
When a health system requests a security review before integrating, Sirona responds directly — questionnaires, architecture diagrams, security-testing evidence, and BAA negotiation.
Continuous Logging & Monitoring
Every access event and integration flow is logged and monitored, with alerting on the roadmap toward a fully managed detection capability. Owned by Sirona — not your IT department.
Dedicated Security Liaison
Every customer gets a named security liaison on the Sirona team — a single point of contact for audit support, partner questionnaires, and incident communication.
What Sirona manages on your behalf
Integration Reviews
Health-system security questionnaires answered by Sirona
When you enter negotiations with a large health system, their security team will send a questionnaire — often hundreds of questions spanning encryption standards, access controls, incident response, data residency, BAA terms, disaster recovery, and SOC controls. Sirona's security team responds to these questionnaires directly. We provide architecture diagrams, security evidence, and BAA language. The practice doesn't have to become a compliance expert to close the deal. Sirona is the compliance expert, on your contract.
Sirona security team responds to partner questionnaires directly
Architecture diagrams and security evidence on file
BAA negotiation handled end-to-end
Practices close enterprise deals they couldn't qualify for alone
Continuous Compliance
A compliance posture maintained continuously
Security compliance isn't a document you file once — it's a posture that has to be demonstrated every day. Sirona runs an active SOC 2 control program and keeps HIPAA controls current across every module, so when a health system's compliance team asks for evidence, the answer is ready. Practices don't have to chase certifications — they inherit Sirona's security posture the moment they onboard.
Active SOC 2 control program, maintained continuously
Attestation details shared with partners under NDA
HIPAA controls built into every module and data flow
Evidence available on demand — no scramble when partners ask
Incident Response
Incident response owned by Sirona, inherited by every customer
Small practices can't afford a dedicated security operations capability. Large practices often can, but duplicating it for every vendor relationship is impractical. Sirona owns incident response for the platform — logging and monitoring access events, investigating and containing issues, and communicating on HIPAA breach-notification timelines with full forensic detail. A fully staffed 24/7 SOC is part of the security roadmap. You don't staff incident response — you subscribe to it.
Continuous audit logging and monitoring across Sirona infrastructure
Incident triage, containment, and investigation handled by Sirona
HIPAA breach-notification timelines and communications owned by Sirona
Forensic detail and root-cause analysis provided to affected customers
Audit Support
When your customers audit you, Sirona shows up with you
Every health-system partner eventually audits its vendors. The partner sends questions, requests evidence, and sometimes schedules on-site walkthroughs. For traditional PACS deployments, the practice runs that audit alone — often without the information the auditor wants. With Sirona, the audit runs against Sirona's unified posture. Your security liaison helps prepare responses, supplies the security evidence, and joins the audit call if needed. Compliance review goes from a scramble to a process.
Named security liaison from Sirona on every customer account
Partner audit responses coordinated between customer and Sirona
Security evidence supplied on demand
Joint audit calls with Sirona security engineers when customers need them
Security at enterprise scale
Active
SOC 2 control program — HIPAA controls platform-wide
1
security posture consolidating every health-system relationship
Continuous
audit logging and monitoring across all Sirona infrastructure
Security that closes contracts
Who We Are to Our Customers
“[I am a] breast imager... The experience with working with Sirona has been phenomenal. You guys are easily the most responsive team that I've worked with in regards to IT. When I say there's an issue, you guys are on it right away. That has been just amazing. Every other place should look at Sirona as an example.”
Dr. Casey Cotton
ERA
How Dr. Luke Roller Built a Practice From Scratch
Dr. Luke Roller built his practice from scratch on Sirona alone — and explains why one unified platform was all he needed to start reading and extend access to care.
FAQs
What does Sirona actually manage under Managed Security?
How does Sirona help me close deals with large health systems?
What certifications does Sirona hold?
What do I remain responsible for as a Sirona customer?
What happens if there's a security incident?
Can customers request additional security controls?