• Vitalls achieves ISO/IEC 27001:2022 certification along with SOC 2® Type 1, HIPAA, and GDPR compliance, aligning with its vision to make health records secure, portable, and accessible across borders

Abu Dhabi, UAE - Vitalls, the pioneering AI-powered digital health passport designed to provide secure, accessible, and portable health records, today announced it has achieved multiple global security and privacy milestones, setting a new benchmark for trust in digital health worldwide.

Vitalls has now been independently audited and attested against the following global frameworks:

  • ISO/IEC 27001:2022 (Information Security Management System aligned with the international standard)
  • SOC 2® Type 1 (Trust Services Criteria)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)

All audits were conducted by Sensiba, an independent and accredited auditor, following a comprehensive assessment of Vitalls' security controls and data protection practices.

Building Trust for a Borderless Health Future

Vitalls is built on a Privacy-First principle from inception. The successful attestation across these global frameworks is a powerful validation of the platform's core architectural design. Safeguarding health information, one of the world’s most sensitive data types, demands the highest standards, which is why privacy and security are integral to the Vitalls DNA and serve as the central pillar driving our global mission.

Security and Privacy: The Heart of Vitalls

"At Vitalls, security and privacy are not features; they are the heart of our platform," said Mehdi Bouchenak, Founder of Vitalls. "Achieving these global certifications and attestations affirms the strength of our security framework and the integrity of our approach to data protection." This achievement provides concrete assurance to our customers that Vitalls is private and secure by design.

Redefining Data Sovereignty by Design

Vitalls does not just meet prevailing market standards; it raises the bar for the industry by establishing a new standard for health data ownership and security.

By implementing record encryption at rest*, Vitalls secures every record using a unique encryption key controlled solely by the user. This establishes a resilient foundation for privacy and data integrity, transforms how health data is protected, and affirms Vitalls' mission to safeguard it at every level.

Compliance Framework Overview

Vitalls’ certifications span four global security and privacy frameworks, each reinforcing a core aspect of trust and protection.

  • ISO/IEC 27001:2022 confirms that Vitalls operates under a comprehensive, risk-based Information Security Management System aligned with international best practices.
  • SOC 2® Type 1 validates that Vitalls’ internal controls are designed to safeguard data with integrity, confidentiality, and availability.
  • HIPAA demonstrates adherence to United States federal standards for the protection of Protected Health Information (PHI).
  • GDPR reflects compliance with the European Union’s data protection regulation, ensuring that individuals maintain full ownership, consent transparency, and control over their personal data, no matter where it is processed.

* Record Encryption at Rest refers to the practice of encrypting each patient's health record with a unique encryption key that is owned and managed by the user.

About Vitalls

Vitalls is a UAE-founded AI-powered digital health passport, redefining how individuals access, carry, and share their health information globally. Operating on a Privacy-First principle, Vitalls implements encryption that goes beyond typical bank-level standards, ensuring user data is protected with the highest level of trust and confidence. It bridges the gap between scattered health records and the need for secure, portable health data that moves as freely as people do.