PIPEDA
Canada's federal Personal Information Protection and Electronic Documents Act governs how private sector organizations collect, use and disclose personal information to ensure data confidentiality.

Protecting your healthcare data with high security standards
Data plays a critical role in healthcare for measuring performance and is essential for continuous improvement. This is why it is important that it is kept in a safe place. At Petal, cybersecurity is of the utmost importance.
The data used via Petal’s solutions remains the customer’s property. They are replicated and hosted in a location that meets your requirements.
We have several procedures in place that meet high standards and even exceed legal requirements in each jurisdiction in which we operate.
Canada's federal Personal Information Protection and Electronic Documents Act governs how private sector organizations collect, use and disclose personal information to ensure data confidentiality.
The General Data Protection Regulation increases protection for persons whose personal information has been processed as well as the accountability of those involved in this processing.
Our customers can have full control and determine the type of permission and role assigned to users.
In order to protect personal health information, the Petal platform does not permit backup to local or personal device.
We follow the healthcare industry’s best practices to meet security needs.
Microsoft Azure
In order to provide foolproof security, maximum privacy and the best protection against cybersecurity threats, the Petal platform is hosted on reputable Microsoft Azure cloud servers.
Microsoft Azure complies with the highest security standards as well as several international standards and certifications such as ISO/IEC 27001: 2013, ISO 27018, HDS, FedRAMP, SOC 1, 2 and 3, PCI DSS, and HIPAA.
To counter potential vulnerabilities, we deploy the full force of our perfectionism. We maintain state-of-the-art security policies and controls. This covers internal processes such as IT management of applications, authentication and access to infrastructure.
External processes are also controlled, in particular the management of suppliers and subcontractors.
We have established a comprehensive incident management reporting process in the event of an outage or breach of privacy.
We perform rigorous external security audits on all our applications and infrastructure.
Petal undergoes third party audits to perform network scans in addition to self-assessments and rigorous testing.
We have an intrusion detection system installed on all our virtual machines in order to proactively detect the slightest vulnerability.