// Trust & Security Report

    Aidoc Medical Ltd. logo

    Aidoc Medical Ltd.

    Clinical AI platform (aiOS) for medical imaging analysis; FDA-cleared and CE-marked algorithms for radiology, neurovascular, cardiology, and vascular triage; CARE foundation model; care coordination and patient management modules

    Certifications held

    9

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    HIPAA
    HELD

    patient privacy is protected as our solutions are HIPAA and GDPR compliant; AI processing is performed on de-identified studies, and no patient health information leaves your facility at any time

    Verify on aidoc.com
    GDPR
    HELD

    patient privacy is protected as our solutions are HIPAA and GDPR compliant

    Verify on aidoc.com
    SOC 2
    HELD

    Adheres to the strictest global security and privacy standards and regulations (SOC2, GDPR, HIPAA compliant)

    Verify on aidoc.com
    NIST CSF
    HELD

    adopted the NIST Cybersecurity Framework (CSF) to provide maximum protection

    Verify on aidoc.com
    EU-U.S. Data Privacy Framework (DPF)
    HELD

    Aidoc Inc. has certified with the EU-U.S. Data Privacy Framework (DPF), the UK-DPF Extension, and the Swiss-U.S. DPF. The company states it adheres to the DPF Principles regarding personal data received from customers or Aidoc Medical Ltd.

    Verify on aidoc.com
    ISO 13485:2016
    HELD

    Certified to ISO 13485:2016, the global standard for medical device quality systems

    Verify on aidoc.com
    MDSAP (Medical Device Single Audit Program)
    HELD

    Certified to MDSAP, Medical Device Single Audit Program

    Verify on aidoc.com
    EU MDR 2017/745
    HELD

    Certified to EU 2017/745 (MDR)

    Verify on aidoc.com
    FDA 21 CFR Part 820
    HELD

    Compliant with FDA's Quality System Regulation (21 CFR Part 820)

    Verify on aidoc.com
    > Show 12 unconfirmed / not-held certifications
    ISO/IEC 27001:2022
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text (the Security & Privacy page shows only a logos image). Likely held but could not be independently confirmed.

    source: aidoc.safebase.us
    ISO/IEC 27017
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Likely held but could not be independently confirmed.

    source: aidoc.safebase.us
    ISO/IEC 27018
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Likely held but could not be independently confirmed.

    source: aidoc.safebase.us
    C5 (BSI Cloud Compliance)
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.

    source: aidoc.safebase.us
    CSA STAR
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.

    source: aidoc.safebase.us
    Cyber Essentials
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.

    source: aidoc.safebase.us
    NIS2 Compliance
    NOT CONFIRMED

    No publicly verifiable evidence. NIS2 is an EU directive, not a certification. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page references NIS2 in text. Could not be independently confirmed.

    source: aidoc.safebase.us
    TX-RAMP
    NOT CONFIRMED

    No publicly verifiable evidence. The only source is the Aidoc SafeBase trust center (aidoc.safebase.us), which is registration-gated and returns HTTP 403 to the public; no public Aidoc page lists this certification in text. Could not be independently confirmed.

    source: aidoc.safebase.us
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO/IEC 42001 certification found on vendor pages or trust center summary

    source: aidoc.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization found on vendor pages or trust center summary

    source: aidoc.com
    PCI DSS
    NOT CONFIRMED

    Not applicable; no mention on vendor pages (healthcare AI, not payment processing)

    source: aidoc.com
    SOC 2 Type (1 vs 2)
    NOT CONFIRMED

    SOC 2 compliance confirmed but specific Type (1 or 2) not stated on any directly accessible public vendor page; trust center (aidoc.safebase.us) requires registration to view details

    source: aidoc.safebase.us

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Offered

    Data region

    Clinical imaging data processed within customer facility (not transmitted outside per FAQ). Administrative/website data stored in New York (CloudWays/Digital Ocean per privacy policy). Production platform infrastructure on AWS and Azure.

    FAQ states 'AI processing is performed on de-identified studies, and no patient health information leaves your facility at any time,' suggesting clinical imaging data is processed locally within the hospital environment. CARE foundation model was 'trained on real-world, multimodal data' but no explicit public policy on whether de-identified customer data is used for ongoing model training or improvement. No opt-out mechanism mentioned publicly.

    // Security controls

    Encryption in transit

    End-to-end encryption stated: 'data remains protected from the moment it leaves the healthcare provider's facility'

    aidoc.com

    Encryption at rest

    Encryption mentioned as part of optimal data protection stack; specific at-rest standard not publicly stated

    aidoc.com

    Infrastructure

    AWS and Azure; EDR, SIEM, CSPM deployed

    aidoc.com

    Security governance

    Dedicated CISO (Yuval Segev) and Information Security Team; NIST CSF adopted

    aidoc.com

    Monitoring

    24/7 automated monitoring and threat detection with predefined incident response

    aidoc.com

    Data minimization

    Only information strictly necessary for analysis collected; anonymization at source emphasized

    aidoc.com

    Vulnerability / pen testing

    Not publicly disclosed

    aidoc.com

    // Products & data scope

    aiOS PlatformClinical AI Platform (SaaS)

    data: DICOM imaging studies, HL7/FHIR clinical data, de-identified radiology scans and reports; PHI handled under HIPAA BAA

    Proprietary enterprise AI operating system; integrates with PACS, EHR, RIS; runs FDA-cleared and CE-marked algorithms

    Radiology AI (Triage and Notification)Medical AI / FDA-Cleared Algorithms

    data: CT and X-ray imaging data, de-identified per FAQ

    Multiple FDA 510(k) cleared algorithms; largest portfolio of FDA-cleared algorithms on a single platform

    Neurovascular AI (Stroke, Brain Aneurysm)Medical AI / FDA-Cleared Algorithms

    data: CT neuro imaging data

    FDA cleared; CE marked; covers LVO, MeVO, intracranial hemorrhage, brain aneurysm, ASPECTS scoring

    Cardiology AIMedical AI

    data: Cardiac CT and echocardiography imaging data

    Coronary artery disease, echocardiography analysis

    Vascular AI (VTE, Aortic)Medical AI / FDA-Cleared Algorithms

    data: CT vascular imaging data

    FDA cleared for PE detection; includes RV/LV analysis

    Care CoordinationClinical Workflow / Communication

    data: Patient metadata, clinical notifications; HIPAA-compliant chat

    Real-time mobile alerts; HIPAA-compliant communication; integrates with EHR and scheduling systems

    CARE Foundation ModelClinical AI Foundation Model

    data: Multimodal clinical data; training data from real-world hospital partnerships

    Clinical AI Reasoning Engine; trained on real-world multimodal data; powers First Read (AI-drafted radiology reports, FDA Breakthrough Device Designation 2026)

    // What to watch

    • Trust center at aidoc.safebase.us requires registration/authentication; ISO/IEC 27001:2022, ISO/IEC 27017, ISO/IEC 27018, C5, CSA STAR, Cyber Essentials, NIS2 compliance, and TX-RAMP certifications are listed in the indexed content of the trust center but could not be directly verified from a public URL without login.
    • SOC 2 compliance is confirmed on vendor pages but the type (Type 1 vs Type 2) is not stated on any directly accessible public page.
    • AI training on customer data policy is ambiguous: FAQ says no PHI leaves the facility, but no explicit public statement on whether de-identified imaging data is used for ongoing CARE foundation model training or improvement.
    • No public standalone DPA document found. Data processing agreements are presumably in the form of HIPAA Business Associate Agreements for US healthcare customers and DPF Standard Contractual Clauses for EU data; a prospective customer should request a DPA/BAA directly.

    // At a glance

    Pricing model

    Enterprise contract; no public pricing; sold to hospital systems and imaging centers

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Aidoc Medical Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    aidoc.safebase.us

    > Browse all vendor trust reports