Blog

TRIMEDX Awarded information management security recertification

TRIMEDX was recently featured in Medical Product Outsourcing Magazine for being recertified with the highly regarded International Organization for Standardization’s Information Management Security certification. The full release, as it appeared on Feb. 20, 2024, is below.

ISO 27001:2013 is a widely recognized international standard outlining best practices for information security management. The recertification, valid through December 2026, reverifies that TRIMEDX meets the latest information security industry standards while maintaining and enforcing policies and procedures to ensure the security of data. 
 
“This reaffirms our commitment to excellence for our clients, associates, and stakeholders,” TRIMEDX CEO Henry Hummel said. “We continue our commitment to protecting healthcare providers’ confidential data, ensuring patient safety, and demonstrating operational excellence and rigor around technology and data development and control.”
 
ISO 27001 provides requirements to companies seeking to implement a comprehensive information security management system (ISMS) to effectively provide security of information assets, through a systematic risk management process covering people, processes, and information technology systems. Meeting the standard demonstrates TRIMEDX’s ability to safely and securely manageme information. TRIMEDX was recertified by third-party registrar British Standards Institution.
 
The ISO 27001 certification couples with TRIMEDX’s Service Organization Control (SOC) 2 Type 2 and ISO 13485:2016 certification (valid through August this year) to comprise TRIMEDX’s Quality Management System covering MD QMS and Information Security Management System (ISMS) standards. 
 
ISO 13485 outlines best practices in developing an effective MD QMS that covers the safety and quality of medical devices throughout their lifecycle. SOC 2 is a stringent, third-party industry standard among service organizations that handle client data and is designed to protect the safety and security of the data and its storage. Achieving this level of compliance requires a demonstrated ability to consistently monitor unusual system activity, activate security alerts in the event of security incident, produce detailed audit trails for root cause analysis and quickly take corrective action.
 
“We continue to make security and safety a top priority as we serve our clients,” TRIMEDX Cybersecurity President and Chief Technology Officer Doug Folsom stated. “The protection of client data and information, which ultimately impacts patient safety, differentiates us in what we do to provide clinical engineering services, clinical asset management, and medical device cybersecurity solutions.”
 
TRIMEDX is an independent clinical asset management company delivering comprehensive clinical engineering services, clinical asset informatics, and medical device cybersecurity. The company helps healthcare providers transform their clinical assets into strategic tools, driving reductions in operational expenses, optimizing clinical asset capital spend, maximizing resources for patient care, and delivering improved safety and protection. TRIMEDX was built by providers, for providers, and leverages a history of expert clinical engineering with data on 92% of all active medical device models.