Files
documenso/apps/docs/content/docs/compliance/certifications.mdx
T
roshboi f93a98e9a5 chore: updated certification status (#2850)
## Description
Updated HIPAA status to compliant
2026-05-21 15:49:41 +10:00

58 lines
2.4 KiB
Plaintext

---
title: Certifications & Regulatory Compliance
description: Documenso's compliance status for industry certifications and regulatory frameworks.
---
import { Callout } from 'fumadocs-ui/components/callout';
### Compliance Status Overview
| Certification | Status |
| -------------- | ---------------------- |
| 21 CFR Part 11 | Compliant (Enterprise) |
| SOC 2 | Compliant |
| ISO 27001 | Planned |
| HIPAA | Compliant (Enterprise) |
## 21 CFR Part 11
<Callout type="info">Status: Compliant (Enterprise License)</Callout>
21 CFR Part 11 is a regulation by the FDA that establishes the criteria for electronic records and electronic signatures to ensure their authenticity, integrity, and confidentiality in the pharmaceutical, medical device, and other FDA-regulated industries.
Read more about [21 CFR Part 11 with Documenso](https://documen.so/21-CFR-Part-11).
### Main Requirements
- Strong Identity Checks for each Signature
- Signature and Audit Trails
- User Access Management
- Quality Assurance Documentation
## SOC 2
<Callout type="info">Status: [Compliant](https://documen.so/trust)</Callout>
SOC 2 is a framework for managing and auditing the security, availability, processing integrity, confidentiality, and data privacy in cloud and IT service organizations, established by the American Institute of Certified Public Accountants (AICPA).
## ISO 27001
<Callout type="warn">Status: [Planned](https://github.com/documenso/backlog/issues/26)</Callout>
ISO 27001 is an international standard for managing information security, specifying requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
## HIPAA
<Callout type="info">Status: [Compliant](https://documen.so/trust)</Callout>
The HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law designed to protect patient health information's privacy and security and improve the healthcare system's efficiency and effectiveness.
---
## See Also
- [Standards](/docs/compliance/standards) - Technical signing standards (PDF/A, PAdES, X.509)
- [Signature Levels](/docs/compliance/signature-levels) - eIDAS and other signature level compliance
- [Enterprise Edition](/docs/policies/enterprise-edition) - Enterprise licensing for compliance features
- [GDPR](/docs/compliance/gdpr) - Data protection compliance