Data Security and Privacy

Regulatory compliance

Aarca Research develops non-invasive medical screening and monitoring solutions with all necessary CDSCO and international regulatory clearances. Our marketed products hold relevant approvals, while additional registrations are pursued for upcoming solutions. We maintain required licenses and certifications, and where approvals are pending, our processes fully align with applicable standards to ensure safety, quality, and compliance.

Medical device software compliance

Aarca Research follows ISO 9001:2015 and ISO 13485:2016 principles, implementing industry-standard medical device quality management systems that cover design and development, supplier management, risk management, complaint handling, clinical data, cybersecurity, distribution, product labeling, and post-market surveillance.

Security and HIPAA

Data security is a core priority at Aarca Research. We are certified to ISO/IEC 27001:2013 and maintain HIPAA-compliant policies, procedures, and technical safeguards to protect patient and customer data.

Secure Facilities (SOC 2)

We are Service Organization Control 2 (SOC 2) compliant, ensuring that health system and patient data are managed under the highest standards of operational and information security.

Encryption and Backups

All patient data is encrypted with HIPAA-compliant, NIST-recommended 256-bit AES encryption using managed keys. Backups are performed regularly, with recovery testing to ensure data integrity and availability.

BAA Agreements

We execute Business Associate Agreements (BAAs) with subcontractors and hosting providers to ensure HIPAA compliance and full protection of sensitive data across the chain of custody.

Compliance and Security Contact

For questions, reporting, or concerns regarding compliance or data security, please contact us at: