Stories
/
Company

New certifications and medical device support from Corti

September 5, 2025
X min read
Corti
AI infrastructure for healthcare
LinkedIn
No items found.

We’re excited to share several significant compliance milestones that strengthen your assurance in Corti’s security, privacy, AI governance and medical device compliance. This update brings you the latest achievements and upcoming initiatives that demonstrate our ongoing commitment to protecting your data and supporting your compliance needs.

TL;DR: What’s new

  • ISO 27001 certification
  • BSI C5 upgraded to Type II ✅
  • ISAE 3000 (GDPR) upgraded to Type II
  • SOC 2 Type II renewed ✅
  • Sub-processors list updated - to reflect our current trusted providers ✅
  • UK MHRA Class I medical device registration for Corti Assistant since July 2025 ✅
  • EU Class I medical device registration for Corti Assistant - during September 2025 ⏳
  • Medical Device Documentation Support for partners - Available from October 2025 ⏳
  • ISO 27017 - Compliance during September 2025 ⏳
  • ISO 27018 - Compliance during September 2025 ⏳
  • ISO 13485 (medical device QMS) & ISO 42001 (AI) - external audits for certification starting in October 2025 ⏳

All reports and certificates are available to customers via our Trust Center

What does it mean for you?

Security

  • ISO/IEC 27001 - We received the certification of our Information Security Management System (ISMS) in August 2025.
  • ISO/IEC 27017 - We will comply with the cloud-specific security controls during September 2025.
  • BSI C5 Type II - We passed the type II audit for Germany’s Cloud Computing Compliance Criteria Catalogue attestation in June 2025.
  • SOC 2 Type II - Renewed in June 2025 our independent attestation of the design and operating effectiveness of our controls over time.

These certifications give independent assurance of our security posture, making vendor risk reviews faster and giving customers confidence that we safeguard data with internationally recognized standards. 

They also build on our earlier compliance with NIS2, DORA, UK Cyber Essentials and UK DSPT, further strengthening cybersecurity, operational resilience, and data security across our platform.

Privacy and data protection

  • ISAE 3000 Type II - We passed the type II audit focused on privacy & data protection controls of GDPR in June 2025.
  • ISO/IEC 27018 - We will comply with the controls for protection of PII in the cloud during  September 2025.
  • Updated Sub-processors - We’ve refreshed our sub-processor list to ensure continued transparency since July 2025.

These demonstrate robust GDPR alignment, governance, and transparency, so customers know exactly how their data is processed. 

This builds on our achievement of aligning with the EU–US Data Privacy Framework (DPF) and its Swiss–US and UK–US extensions, ensuring compliant transatlantic data transfers across the EU, Switzerland, and the UK.

AI governance and Medical Device regulation

  • UK MHRA Class I Registration - Corti Assistant has been officially registered with the UK MHRA as a Class I medical device since July 2025.
  • EU Class I Registration - We are registering Corti Assistant as a Class I medical device in the EU in September 2025.
  • Medical Device and AI Documentation Support - Corti provides supporting technical documentation and version control to help our partners with their own medical device and AI compliance processes from October 2025.
  • ISO 13485 (medical device QMS) - External audits of the quality and risk management systems to begin in October 2025.
  • ISO/IEC 42001 - External audits for the AI management system to begin in October 2025. 

Corti complies with responsible AI governance, and UK and EU medical device regulations while making it easier for partners to meet their own compliance requirements with our support.

This builds on our early compliance measures with the EU AI Act, demonstrating leadership in trustworthy AI ahead of enforcement.

Our commitment to trust

At Corti, we view security, privacy, responsible AI, and medical device compliance as more than checkboxes. These are core to the trust you place in us every day. Each certification and regulatory milestone represents not just compliance, but our ongoing commitment to building resilient, transparent, and trustworthy technology for our partners and their customers.

For walkthroughs or compliance questions, our Governance team is here to help.

Email us at privacy@corti.ai or security@corti.ai. Visit our Trust Center and Knowledge Base.

Recent stories

Corti in psychiatry: one of the hardest AI problems in healthcare
Industry
September 30, 2025
Decoding healthcare’s unstructured data with a novel multi-agent system
Industry
September 23, 2025
SNOMED CT: healthcare’s new common language (and why AI should care)
Industry
September 9, 2025
View all Stories