Slide 14 / 17

14: Security & Compliance

Defense-in-depth protects patient data across the stack:

  • Encrypted storage (data at rest) with KMS-managed keys, and database and service credentials held in Secrets Manager rather than in code or config.
  • Least-privilege IAM roles, and token-based (OIDC/JWT) application access managed through Keycloak.
  • Network safeguards via TLS termination with AWS Certificate Manager (ACM) certificates, so patient data is encrypted in transit.
  • Monitoring and threat detection powered by CloudWatch (logs, metrics, alarms) and GuardDuty (account and network threat findings).
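
As an added example (not code from this deck or its project), the script below checks an IAM policy document for the most common least-privilege failures: Allow statements with a wildcard action ("*" or "service:*"), an unconditioned wildcard resource, or a NotAction/NotResource grant. The two embedded policies are constructed samples: the first is the kind of over-broad policy the check should reject, the second scopes the same workload to one S3 prefix, one KMS key (so it can decrypt the encrypted storage) and one Secrets Manager secret. Bucket, key and secret ARNs are hypothetical placeholders.

```python
import json

# Constructed sample: an over-broad policy that a least-privilege review must reject.
WEAK_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "arn:aws:s3:::patient-records/*"}
  ]
}
""")

# Constructed sample: the same workload's needs stated narrowly. ARNs are placeholders.
HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadExports", "Effect": "Allow",
     "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::patient-records/exports/*"},
    {"Sid": "DecryptExports", "Effect": "Allow",
     "Action": ["kms:Decrypt"],
     "Resource": "arn:aws:kms:eu-west-1:123456789012:key/00000000-0000-0000-0000-000000000000"},
    {"Sid": "ReadDbCredential", "Effect": "Allow",
     "Action": ["secretsmanager:GetSecretValue"],
     "Resource": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:app/db-*"}
  ]
}
""")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return (statement index, reason) pairs for Allow statements that widen
    access beyond least privilege. Deny statements are skipped: a broad Deny
    narrows access rather than widening it. Partial wildcards such as
    's3:Get*' are deliberately not flagged; they need a human judgement call."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # NotAction / NotResource in an Allow grants everything except the listed items.
        if "NotAction" in stmt:
            findings.append((index, "Allow with NotAction grants all other actions"))
        if "NotResource" in stmt:
            findings.append((index, "Allow with NotResource grants all other resources"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((index, f"wildcard action {action!r}"))
        for resource in _as_list(stmt.get("Resource")):
            # Resource "*" is sometimes unavoidable (e.g. some Describe* calls),
            # but then a Condition should narrow it.
            if resource == "*" and not stmt.get("Condition"):
                findings.append((index, "wildcard resource without a Condition"))
    return findings


def is_least_privilege(policy):
    """True when the policy has no over-broad Allow statements."""
    return not find_overbroad_statements(policy)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "OK" if is_least_privilege(policy) else find_overbroad_statements(policy))
```

Running the script reports three findings for the weak policy (wildcard action and wildcard resource in statement 0, "s3:*" in statement 1) and none for the hardened one; the same function can be run in CI against every policy in the repository before it is applied.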

The architecture aligns with ENISA guidance and the NIS2 baseline controls, setting the stage for future ISO 27001 audits.

Security and compliance strategy