Compliance

Compliance posture, documented.

Veronara's compliance posture is architectural. Each framework below is labeled as Certified, Architected to, or Aligned with — dated and version-controlled.

Last reviewed:

Frameworks

  • HIPAA

    Architected to

  • ISO/IEC 27001:2022

    Architected to

  • SOC 2

    Architected to

  • GDPR

    Aligned with

  • UK GDPR & Data Protection Act 2018

    Aligned with

  • DPDP

    Aligned with

  • PDPA

    Aligned with

  • UAE PDPL

    Aligned with

  • + 2 more below

HIPAA (US Health Insurance Portability and Accountability Act)

Architected to

Administrative, Physical, and Technical Safeguards per 45 CFR Parts 160 and 164.

As of

ISO/IEC 27001:2022

Architected to

Information Security Management System controls. Certification in progress.

As of

SOC 2 (AICPA Trust Services Criteria)

Architected to

Security, Availability, Confidentiality, Processing Integrity, Privacy.

As of

GDPR (EU General Data Protection Regulation)

Aligned with

Articles 5, 6, 7, 25, 28, 30, 32, 33, 44–50. DPA available under NDA. Regional processing per /trust/residency.

As of

UK GDPR & Data Protection Act 2018

Aligned with

ICO registration and DPA available under NDA.

As of

DPDP (India Digital Personal Data Protection Act 2023)

Aligned with

Consent architecture, purpose limitation, and data fiduciary obligations.

As of

PDPA (Singapore Personal Data Protection Act)

Aligned with

Consent, notification, access, correction, and protection obligations.

As of

UAE PDPL (Federal Decree-Law No. 45 of 2021)

Aligned with

Controller obligations and cross-border transfer rules.

As of

NABH (National Accreditation Board for Hospitals & Healthcare Providers, India)

Aligned with

Digital Health Standards and NABH Quality Indicators.

As of

ABDM (Ayushman Bharat Digital Mission, India)

Aligned with

Health ID, HPR, HFR, and consent manager integration readiness.

As of

Legal Entity

Legal entity name, registration, jurisdiction of incorporation, and registered addresses are disclosed under NDA to institutional buyers and published on this page upon public company formation. All disclosures in this Trust Center are signed by the Veronara Brand Steward and Institutional Engagement Lead.

Data Processing Agreement (DPA), Master Services Agreement (MSA), and Business Associate Agreement (BAA) templates available via technical briefing request.