// Trust & Security Report
Viz.ai, Inc.
Viz.ai One, an AI-powered care coordination platform delivering over 50 FDA-cleared algorithms across therapeutic suites (Neuro/stroke, Cardio, Vascular, Pulmonary, Trauma, Radiology) for hospital and health-system providers, plus a separate Viz Life Sciences line built with pharma and medical device partners for clinical trial enrollment and patient access programs.
Certifications held
8
Maturity
Enterprise
Trains on your data
Unknown
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on viz.ai“Viz.ai Announces Successful Completion of SOC 2 Type II + HIPAA Audits for Viz.ai One Platform... The assessment was conducted by an independent Big Four audit firm and evaluated Viz.ai's controls across the five trust service principles: security, availability, processing integrity, confidentiality, and privacy. Fourth consecutive year of SOC 2 Type II compliance (Feb 26, 2024 announcement).”
Verify on viz.ai“We have received internationally recognised security certifications to meet the ISO 27001 (information security management system) standard.”
Verify on viz.ai“ISO27701 Security techniques, extension to ISO27001 for Privacy Information Management”
Verify on viz.ai“Viz.ai has successfully achieved ISO/IEC 42001 certification, the international standard for Artificial Intelligence Management Systems (AIMS)... one of the first companies globally to achieve this accredited ISO/IEC 42001 certification.”
Verify on viz.ai“ISO 27017 / 27018: Cloud security and data protection standards governing our cloud-hosted infrastructure.”
Verify on viz.ai“ISO 27799: Healthcare-specific security controls tailored for clinical environments and PHI.”
Verify on viz.ai“ISO 22301: Business continuity and resilience to ensure uninterrupted clinical workflows.”
Verify on viz.ai“Viz.ai operates a comprehensive HIPAA compliance program, including administrative, technical, and physical safeguards for the protection of PHI. Protected Health Information is governed by the HIPAA Business Associate Agreement between the Customer and Viz.ai.”
> Show 4 unconfirmed / not-held certifications
source: viz.aiNo independent GDPR certification exists as a formal third-party seal, and Viz.ai claims none. The vendor describes GDPR only as a self-managed compliance posture: 'In the United States Viz.ai is a regulated entity under the Health Insurance Portability and Accountability Act and has implemented several key security and privacy standards, controls, and measures to adhere to this act and to meet the requirements of others such as the GDPR... GDPR compliance via policies, processes, and audits.' The trust center additionally frames ISO 27701 as 'supporting GDPR and global privacy obligations.' Treat as a compliance posture, not a certification.
source: viz.aiNo public evidence. Viz.ai is a B2B/B2H healthcare software provider contracted directly with hospital systems; no cardholder-data-handling payment flow is described on the trust center, privacy policy, or press releases.
source: viz.aiNo public evidence. Not listed on the trust center page or in any press release found; Viz.ai's public materials do not reference a federal government authorization.
source: viz.aiNo public evidence. Not mentioned on the trust center page, privacy policy, or press releases.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
US (Viz.ai Inc., San Francisco, CA) with distinct regional entities and privacy policies for EU (Viz.ai Netherlands B.V., Heerenveen) and UK (Viz.ai Ltd., St. Albans); cross-border transfers use adequacy decisions or EU Model Clauses per the Trust Center Privacy Notice.
Viz.ai's core products are FDA-cleared clinical decision-support algorithms (not a generative/LLM chat product), and the company publicly states it uses separated training/validation/test datasets during algorithm development, but no vendor-domain page explicitly documents whether a given hospital customer's imaging/EHR data is used to retrain production algorithms, or whether an opt-out exists. Protected Health Information use is instead governed by a separate HIPAA Business Associate Agreement not published publicly. Treat as unresolved pending direct request of the BAA/DPA text.
// Security controls
Independent security audits
Annual SOC 2 Type II audit (4 consecutive years as of Feb 2024) performed by an independent Big Four audit firm, covering security, availability, processing integrity, confidentiality, and privacy trust service principles.
viz.aiAI governance program
ISO/IEC 42001 (AI Management System) certification covering governance structure, risk/impact assessments, data governance, algorithm performance monitoring, and AI oversight integrated into engineering and quality processes across the full AI lifecycle.
viz.aiPHI safeguards
Comprehensive HIPAA compliance program with administrative, technical, and physical safeguards; PHI use governed by a HIPAA Business Associate Agreement between the customer and Viz.ai.
viz.aiISMS oversight
Information security management system and associated certifications are owned by Viz.ai's management team, with day-to-day responsibility resting with a dedicated Chief Information Security Officer (CISO).
viz.aiTrust portal / evidence sharing
A dedicated, gated trust center portal (powered by Drata) at trustcenter.viz.ai lets prospective customers request the SOC 2 Type II report, HIPAA documentation, and subprocessor list under NDA.
trustcenter.viz.ai// Products & data scope
data: Protected Health Information (PHI): medical imaging (CT, EKG, echocardiograms), EHR data, real-time clinical communications
Core hospital/health-system product; 50+ FDA-cleared algorithms across Neuro, Cardio, Vascular, Pulmonary, Trauma and Radiology suites. This is the platform explicitly named in the SOC 2 Type II + HIPAA audit.
data: Aggregated and/or de-identified clinical data used to support patient recruitment, adherence, and clinical trial enrollment for pharmaceutical and medical device partners
Separate go-to-market and data-use pattern from the direct-to-provider platform; no separate certification scope was found distinguishing this product line from Viz.ai One.
// What to watch
- trustcenter.viz.ai (Drata-powered gated portal) could not be rendered by the automated fetch (JS-rendered, request-access flow); certification claims were instead verified via the public /trust-center marketing page plus two independent Viz.ai press releases (SOC 2/HIPAA, ISO 42001) and the privacy policy, all on the vendor's own domain, so this is not treated as evidence of absence.
- No vendor-domain statement explicitly addresses whether hospital/customer clinical data is used to retrain production AI algorithms or whether an opt-out exists; PHI handling is deferred to a non-public HIPAA BAA. Recommend the listing note this as 'ask vendor for BAA/DPA terms' rather than asserting a position either way.
- GDPR is a compliance posture (internal policies, audits, EU Model Clauses, ISO 27701 'supporting GDPR'), not an independent third-party certification/seal; there is no formal GDPR certification to hold, so it is recorded as held=false with the posture documented in the proof_quote rather than presented as a certifying body's stamp.
- Three separate regional privacy policies (US, EU platform users, EU non-platform users) plus a distinct Trust Center Privacy Notice exist; a buyer should confirm which policy governs their specific relationship.
// At a glance
Pricing model
Enterprise/health-system contract, no public self-serve pricing
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Viz.ai, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
viz.ai