Scopia

Security & Trust

Built for Healthcare Security Requirements

Scopia is designed so your IT department can say yes. Works out of the box without EHR integration — and offers optional integrations when you're ready. EU-hosted, no patient identifiers, and independently assessed by FinCCHTA.

IT Procurement Checklist
EU data residency (Google Cloud)
No direct patient identifiers stored
No EHR integration required
No on-premise infrastructure needed
No VPN — HTTPS/TLS 1.3 only
Independently assessed (FinCCHTA Digi-HTA)
Not a medical device — standard SaaS procurement
All requirements met

Independent Assessment

Assessed by FinCCHTA

Scopia has been independently assessed by the Finnish Coordinating Center for Health Technology Assessment (FinCCHTA), a national authority for health technology evaluation.

The assessment was conducted using the Digi-HTA framework, Finland's national evaluation methodology for digital health technologies. It covers effectiveness, safety, data security, costs, and usability — providing an impartial evaluation for procurement decisions.

Read the full FinCCHTA assessment
FinCCHTA Assessment
September 2025 — Valid until September 2028
  • Safety: Sufficient
  • Data Security & Protection: Sufficient
  • Costs: Reasonable
  • Usability & Accessibility: Sufficient
  • Long-term effectiveness: Ongoing research

Overall result: Meets criteria mainly. All areas passed — initial results are encouraging, long-term effectiveness evidence is being gathered as adoption grows.

Security Fact Sheet

What Your IT Team Needs to Know

Scopia is designed to minimise your IT department's workload — not add to it.

EU Data Residency

All data is stored and processed within the EU/EEA on Google Cloud infrastructure. No data leaves the European Economic Area. Encryption at rest and in transit.

GDPR Compliant

Scopia stores no direct patient identifiers. Quality data is linked to endoscopists, not patients. Data Processing Agreement (DPA) available for all customers.

ISO 27005 Risk Management

Risk management follows the ISO/IEC 27005 framework with quarterly reviews. Designated safety incident coordinator and documented risk management process.

Works Without — or With — Integration

Start immediately as a standalone browser-based application. When you're ready, we offer EHR and endoscopy system integrations tailored to your infrastructure.

Continuous Security Testing

Regular vulnerability scanning, dependency monitoring, and cloud infrastructure security monitoring. Role-based access controls. Quarterly security reviews and automated alerts.

99.99% Uptime

Built on Google Cloud with minimal downtime — six minutes total in the past six months. Automated daily backups. Automatic updates with zero disruption to clinical workflows.

Regulatory Simplicity

No MDR. No AI Act. No Complexity.

Scopia is a quality monitoring tool, not a medical device and not an AI system. This means significantly lower regulatory burden for your procurement process.

  • Not classified as a medical device under EU MDR
  • Not subject to EU AI Act requirements
  • No clinical decision support — purely quality monitoring
  • No patient-facing functionality
  • Standard SaaS procurement — no special approvals needed

What Scopia does NOT do

  • Store direct patient identifiers
  • Make clinical decisions or recommendations
  • Use AI for diagnosis or detection
  • Require on-premise infrastructure

Architecture

Simple by Design

Endoscopy Unit: browser-based, any device
HTTPS / TLS 1.3: no VPN required
Google Cloud: EU region, ISO 27001 certified

Required IT touchpoints: 0
On-premise components: 0

  • No direct patient identifiers
  • Encrypted at rest & in transit
  • Daily automated backups

Compliance Documents

Ready for Your Procurement Process

We know IT procurement requires documentation. These are available upon request.

  • Data Processing Agreement (DPA): Standard contractual clauses for GDPR compliance, covering data processing scope and responsibilities.
  • Security Fact Sheet: One-page technical overview of architecture, data flows, encryption, access controls, and incident response.
  • Privacy Impact Assessment: Documentation of data protection measures, legal basis for processing, and risk mitigation strategies.
  • FinCCHTA Assessment Report: Independent health technology assessment covering safety, effectiveness, data security, costs, and usability.
  • Security Testing Report: Summary of regular vulnerability assessments and penetration testing results.
  • Infrastructure Hardening Guide: Technical overview of security configurations and hardening measures.
  • Risk Assessment Documentation: ISO 27005-based risk assessment with treatment plans and review cycle.

Questions About Security?

Our team is happy to walk through our security architecture, provide compliance documents, or connect with your IT team directly.