Smile Digital Health Gets ISO 27017 Certified

Smile once again shows its dedication to true interoperability, which relies on safe data sharing via the cloud, with new ISO certification. 


TORONTO, CANADA – October 22, 2024 – Smile Digital Health (Smile), a leading Fast Healthcare Interoperability Resources (FHIR®) health data platform and exchange solutions provider, announced today their ISO 27017:2015 certification.

ISO 27017:2015 is an international standard providing guidelines and best practices for information security controls applicable to the provisioning and use of cloud services. It supplements ISO 27002:2022, which outlines information security controls for general IT environments, by providing guidance for cloud service customers and cloud service providers.

Smile has already obtained ISO 27001:2022 and ISO 27018:2019, and this new certification is another step in maintaining the highest level of data privacy and security. ISO 27017:2015 differs from, or interacts with, Smile’s other certifications in the following ways: ISO 27017:2015 provides guidance on implementing ISO 27001:2022 controls in cloud environments and provides additional detailed controls specifically for the cloud, whereas ISO 27018:2019 provides guidance on collecting, processing, storing, sharing and destroying personally identifiable information (PII) and protected health information (PHI) in the cloud.

“Although entirely voluntary, we chose to extend our current certification of ISO 27001 to include ISO 27017 as part of our systematic commitment to risk mitigation. This new certification helps to ensure our overall security posture in the cloud, while protecting applications and sensitive customer data,” said Luis de Barros, Chief Privacy and Security Officer, Smile Digital Health.

In addition to providing cloud-specific implementation guidance for controls already found in ISO 27001:2022, ISO 27017:2015 includes additional cloud controls that address issues such as responsibilities between cloud customers and cloud providers, protection and separation of the customer’s virtual environment, virtual machine configuration, and cloud customer monitoring of activity within the cloud.

“This certification is particularly relevant for customers of Smile’s cloud-based Managed Services offering since it provides these customers with information on what they can expect from Smile and their shared responsibilities with regard to the services. In this way, both Smile and the Managed Service customer are best aligned to meet their security objectives and to protect their data,” said Clement Ng, Head of Global & Corporate Development, Smile Digital Health.

Smile’s Managed Services is an end-to-end service package, encompassing FHIR®-based implementation, maintenance, security, and support for Smile’s Health Data Platform Solutions.