Security Overview

Last updated: 28 Oct 2025

Introduction

At Inquira, protecting your data is our top priority. We implement robust, industry-leading security practices aligned with stringent healthcare standards. Our security infrastructure is designed and maintained to safeguard your information against unauthorized access, use, alteration, or disclosure. We are proud to be certified against ISO 27001:2023 and NEN 7510:2024, demonstrating our commitment to maintaining a secure environment.

For a deeper dive into our security posture and compliance documentation, please visit our Trust Center.

Security Guidelines & Compliance

We adhere to internationally recognized security frameworks and best practices:

  • ISO 27001:2023: Our Information Security Management System (ISMS) is certified against this global standard.
  • NEN 7510:2024: We meet the specific requirements for information security within the Dutch healthcare sector.
  • GDPR & Data Privacy: We operate in full compliance with GDPR, building our services with a privacy-by-design approach.
  • Data Residency: We ensure data is hosted within the EU (or US for US customers), utilizing major cloud providers. Stricter residency requirements can be met via customer infrastructure deployments.
  • Need-to-Know Access: Access controls are designed based on the principle of least privilege.

Data Protection

We employ multiple layers of protection for your data:

  • Encryption:
    • At Rest: Data is encrypted using AES-256.
    • In Transit: Communication is secured using TLS 1.3, and media streams use TLS-SRTP.
  • Access Control: Strict access controls are enforced using Role-Based Access Control (RBAC) combined with mandatory Multi-Factor Authentication (MFA).
  • Vulnerability Management: We conduct regular security updates and vulnerability assessments, including automated code scanning in our CI/CD pipeline.

Infrastructure Security

Our platform infrastructure is built with security and resilience in mind:

  • Hosting: Services are hosted in ISO 27001 certified data centers within the EU (or US, depending on customer region) provided by major cloud vendors. See our sub-processors list.
  • Isolated Environments: Production and non-production environments are strictly segregated with rigorous access controls.
  • Zero Trust Architecture: We utilize a Zero Trust model leveraging WireGuard for secure networking and identity-based access.
  • Monitoring: Infrastructure is monitored 24/7 for performance, availability, and security threats via real-time alerting systems. Our public status page provides transparency.

Data Management

Secure and compliant data handling is fundamental:

  • Role-Based Access Control (RBAC): Applied consistently to ensure users only access data necessary for their role.
  • Audit Logging: Comprehensive logs record system access and significant activities, retained according to policy. Customer-accessible call logs are available in the dashboard.
  • Backup & Disaster Recovery: Secure, encrypted daily backups are maintained with defined recovery objectives. Procedures are documented and tested regularly.
  • Data Segregation: Customer data is logically segregated to prevent unauthorized access between tenants.

Incident Response

We are prepared to handle security incidents effectively:

  • Team: An on-call team is available 24/7 to respond to security events.
  • Procedures: We maintain documented incident response procedures, which are tested through regular drills.
  • Monitoring: Proactive threat monitoring and prevention systems are in place.
  • Notification: Clear communication workflows ensure timely notification to affected customers and relevant authorities in case of a breach, adhering to GDPR and contractual requirements.
  • Responsible Disclosure: We encourage reporting of potential vulnerabilities via our responsible disclosure policy.

Vendor Management

We extend our security standards to our partners:

  • Assessment: All vendors undergo a rigorous security assessment before onboarding, especially those handling sensitive data.
  • Agreements: We maintain Data Processing Agreements (DPAs) or Business Associate Agreements (BAAs) with relevant vendors.
  • Compliance Reviews: We conduct regular reviews of vendor compliance and security practices.
  • Monitoring: We continuously monitor vendor security posture and require adherence to documented security requirements.

Contact Information

Inquira Technologies B.V.

Dutch Chamber of Commerce Number (KvK): 95495460

Rotterdam, The Netherlands

For responsible disclosure of security vulnerabilities, please visit our responsible disclosure page.