Compliance Roadmap

ScribeMDPro is designed against widely adopted healthcare and privacy frameworks. Formal certifications are labelled honestly below — we do not claim what we have not achieved.

Last reviewed: July 2026

Framework posture

HIPAA

United States — PHI safeguards

Aligned by design

Zero-retention audio pipeline and encryption controls mapped to the HIPAA Security Rule. Formal Business Associate Agreements available on request as we scale.

SOC 2 Type II

Trust Services Criteria

Planned

Control set is being formalised. A Type II report is on the future roadmap; no SOC 2 report is currently held.

GDPR

European Union

Aligned by design

Data minimisation, transient processing, and subject-rights workflows are supported. A Data Processing Addendum is available on request.

ISO 27001

Information Security Management

Planned

Policies are being aligned to the ISO 27001 Annex A control set ahead of a future certification effort.

NDPR

Nigeria Data Protection Regulation

Aligned by design

Aligned with NDPR principles for lawful processing, data minimisation, and subject rights.

PIPEDA

Canada — Personal Information Protection

Aligned by design

Consent, purpose limitation, and safeguards principles are embedded in our data-handling architecture.

Future certifications

Additional certifications and third-party attestations will be added as they are formally issued. ScribeMDPro does not claim any certification it does not currently hold.