Compliance Roadmap
ScribeMDPro is designed against widely adopted healthcare and privacy frameworks. Formal certifications are labelled honestly below — we do not claim what we have not achieved.
Last reviewed: July 2026
Framework posture
HIPAA
United States — PHI safeguards
Zero-retention audio pipeline and encryption controls mapped to the HIPAA Security Rule. Formal Business Associate Agreements available on request as we scale.
SOC 2 Type II
Trust Services Criteria
Control set is being formalised. A Type II report is on the future roadmap; no SOC 2 report is currently held.
GDPR
European Union
Data minimisation, transient processing, and subject-rights workflows are supported. A Data Processing Addendum is available on request.
ISO 27001
Information Security Management
Policies are being aligned to the ISO 27001 Annex A control set ahead of a future certification effort.
NDPR
Nigeria Data Protection Regulation
Aligned with NDPR principles for lawful processing, data minimisation, and subject rights.
PIPEDA
Canada — Personal Information Protection
Consent, purpose limitation, and safeguards principles are embedded in our data-handling architecture.
Future certifications
Additional certifications and third-party attestations will be added as they are formally issued. ScribeMDPro does not claim any certification it does not currently hold.