Managed Security

One security posture. Every partner. All your data.

Because your data lives in Sirona's unified cloud, Sirona can manage the security process on your behalf. We handle the integration reviews, the compliance questionnaires, and the security negotiations directly with the health systems you want to partner with — so small practices can partner with organizations they never could before, and large systems consolidate dozens of vendor reviews into one protocol.

See Sirona in Action

How Sirona is Different

Sign contracts you couldn't sign before

A private practice approaches a large health system about a new imaging contract. The conversation goes well — then the security questionnaire arrives. 400 questions about encryption, incident response, data residency, BAA scope, disaster recovery, SOC controls. Most small practices can't answer half of them and lose the deal. With Sirona as the data platform, that entire review shifts to us. We respond to the questionnaire, negotiate the BAA, handle the integration review, and demonstrate the security posture. Practices who couldn't qualify for enterprise contracts on their own qualify through Sirona. The platform becomes your security team.

Security managed end-to-end

Certifications, encryption, integration handling, monitoring, incident response, and audit support — all owned by Sirona, all inherited by every customer.

Active SOC 2 Program

An active SOC 2 control program and HIPAA-aligned posture every customer inherits — a partner's security review runs against Sirona's platform posture, not gaps you have to remediate before a contract closes.

HIPAA BAA Included

HIPAA-compliant by default with a Business Associate Agreement on every contract. The BAA covers every Sirona application and every data flow through the platform.

AES-256 Encryption

AES-256 encryption at rest. TLS 1.3 in transit. Key management handled by AWS KMS with customer-managed key options for customers who require them.

Integration Reviews Handled

When a health system requests a security review before integrating, Sirona responds directly — questionnaires, architecture diagrams, security-testing evidence, and BAA negotiation.

Continuous Logging & Monitoring

Every access event and integration flow is logged and monitored, with alerting on the roadmap toward a fully managed detection capability. Owned by Sirona — not your IT department.

Dedicated Security Liaison

Every customer gets a named security liaison on the Sirona team — a single point of contact for audit support, partner questionnaires, and incident communication.

What Sirona manages on your behalf

Integration Reviews

Health-system security questionnaires answered by Sirona

When you enter negotiations with a large health system, their security team will send a questionnaire — often hundreds of questions spanning encryption standards, access controls, incident response, data residency, BAA terms, disaster recovery, and SOC controls. Sirona's security team responds to these questionnaires directly. We provide architecture diagrams, security evidence, and BAA language. The practice doesn't have to become a compliance expert to close the deal. Sirona is the compliance expert, on your contract.

Sirona security team responds to partner questionnaires directly

Architecture diagrams and security evidence on file

BAA negotiation handled end-to-end

Practices close enterprise deals they couldn't qualify for alone

Continuous Compliance

A compliance posture maintained continuously

Security compliance isn't a document you file once — it's a posture that has to be demonstrated every day. Sirona runs an active SOC 2 control program and keeps HIPAA controls current across every module, so when a health system's compliance team asks for evidence, the answer is ready. Practices don't have to chase certifications — they inherit Sirona's security posture the moment they onboard.

Active SOC 2 control program, maintained continuously

Attestation details shared with partners under NDA

HIPAA controls built into every module and data flow

Evidence available on demand — no scramble when partners ask

Incident Response

Incident response owned by Sirona, inherited by every customer

Small practices can't afford a dedicated security operations capability. Large practices often can, but duplicating it for every vendor relationship is impractical. Sirona owns incident response for the platform — logging and monitoring access events, investigating and containing issues, and communicating on HIPAA breach-notification timelines with full forensic detail. A fully staffed 24/7 SOC is part of the security roadmap. You don't staff incident response — you subscribe to it.

Continuous audit logging and monitoring across Sirona infrastructure

Incident triage, containment, and investigation handled by Sirona

HIPAA breach-notification timelines and communications owned by Sirona

Forensic detail and root-cause analysis provided to affected customers

Audit Support

When your customers audit you, Sirona shows up with you

Every health-system partner eventually audits its vendors. The partner sends questions, requests evidence, and sometimes schedules on-site walkthroughs. For traditional PACS deployments, the practice runs that audit alone — often without the information the auditor wants. With Sirona, the audit runs against Sirona's unified posture. Your security liaison helps prepare responses, supplies the security evidence, and joins the audit call if needed. Compliance review goes from a scramble to a process.

Named security liaison from Sirona on every customer account

Partner audit responses coordinated between customer and Sirona

Security evidence supplied on demand

Joint audit calls with Sirona security engineers when customers need them

Security at enterprise scale

Active

SOC 2 control program — HIPAA controls platform-wide

1

security posture consolidating every health-system relationship

Continuous

audit logging and monitoring across all Sirona infrastructure

Security that closes contracts

Who We Are to Our Customers

[I am a] breast imager... The experience with working with Sirona has been phenomenal. You guys are easily the most responsive team that I've worked with in regards to IT. When I say there's an issue, you guys are on it right away. That has been just amazing. Every other place should look at Sirona as an example.

Dr. Casey Cotton

ERA

How Dr. Luke Roller Built a Practice From Scratch

Dr. Luke Roller built his practice from scratch on Sirona alone — and explains why one unified platform was all he needed to start reading and extend access to care.

FAQs

What does Sirona actually manage under Managed Security?

Sirona owns and operates the security posture of the unified cloud platform: an active SOC 2 control program, HIPAA safeguards with a BAA, encryption at rest and in transit, continuous audit logging and monitoring, incident response, and security questionnaire responses. When a partner requests a security review, Sirona's security team responds directly on your behalf. You inherit the posture.

How does Sirona help me close deals with large health systems?

Large health systems require extensive security reviews before integrating any vendor. These reviews often include hundreds of detailed questions about encryption, compliance controls, incident response, and BAA terms. Sirona responds to those questionnaires directly — supplying security evidence, architecture diagrams, and negotiated BAA language. Practices that would struggle to qualify on their own qualify through Sirona.

What certifications does Sirona hold?

Sirona runs an active SOC 2 control program — attestation details are shared with partners under NDA through your security liaison — and is HIPAA compliant with a Business Associate Agreement on every customer contract. Evidence is available on demand.

What do I remain responsible for as a Sirona customer?

Sirona manages platform security — the cloud infrastructure, the application, the data at rest and in transit, and the integrations through Sirona. You remain responsible for managing your own users (role assignments, offboarding), the security of the endpoints they use (workstations, laptops, mobile devices), and any non-Sirona systems that touch patient data. Our security liaison will walk through the responsibility matrix during onboarding.

What happens if there's a security incident?

Sirona's security team detects and responds to incidents in the platform. If an incident affects your data, Sirona investigates, contains, and communicates under HIPAA breach-notification timelines. You receive a full forensic write-up, a root-cause analysis, and remediation details. Sirona's security liaison coordinates any partner notifications required by your contracts.

Can customers request additional security controls?

Yes. Customer-managed AWS KMS keys, IP allowlisting, enhanced audit log retention, and custom BAA terms are all supported. Enterprise customers often bring their own compliance requirements — we add them to the managed posture rather than building them in parallel.