MY01 SOC 2 Type II
Summary
MY01 device system uses wireless capabilities to enable physicians to visualize data over time. MY01 Continuous Compartmental Monitor Device uses Bluetooth to transmit data to the MY01 application, which in turn connects to a remote server to exchange and store data. The MY01 system network, like all networked IoT systems, is exposed to cybersecurity threats and attacks. Compliance to information security standards is extremely critical for the safe and effective operation of the MY01 system. MY01 medical device system (both medical device and mobile application) has received Health Canada Medical Device License, CE Mark, MDSAP certificate, and 510k Clearance (FDA approval). Therefore, the MY01 device system is approved for sale in Canada, United States and European Union. MY01 is also compliant with the Premarket and Post market FDA cybersecurity requirements. However, additional regulations are also enforced for security and privacy compliance of the medical system in the different jurisdictions.
Hospital network clients in the United States ask for SOC 2 TYPE II compliance, which is specifically designed for companies that store information on the cloud. MY01 physical, network, and process security policies and controls shall be remediated to meet the information security compliance requirements. This also includes annual security penetration testing with an independent testing facility. These remediations are necessary to be able to deal with sensitive patient data. This project aims to ensure compliance of the MY01 company network system to SOC 2 TYPE II. This will allow the MY01 system to be accepted in hospital networks in the United States and increase the confidence of the clients in the solution.