Security & architecture
Zero Trust, from silicon to record.
SVH assumes the network is hostile, the gateway can be compromised, and third-party code will misbehave — and is architected so that none of those events becomes an incident.
- Hardware root of trust: Device identity lives in a TPM 2.0 and never leaves it. Devices prove identity — and on TPM hardware, boot integrity — through remote attestation.
- Mutual TLS everywhere: Every connection is mutually authenticated with per-device X.509 certificates and pinning. The network is never trusted, inside the hospital or out.
- Server-signed commands: Commands to devices carry their own signatures, verified on the device. A compromised gateway cannot forge an instruction.
- Sealed patient data: PHI payloads are encrypted end to end — platform infrastructure moves them without seeing plaintext. Patient identity is structurally isolated from analytics and telemetry.
- Least-privilege sandboxing: Every module on the device runs with only the permissions its signed manifest declares, enforced by the operating system. Default-deny.
- Tamper-evident audit: Every privileged action, PHI access, and configuration change lands in a cryptographically chained, append-only, exportable audit trail.
Defense in depth is the point: identity, transport, authorization, data, runtime, and audit each hold on their own. No single layer is load-bearing.
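To make the "cryptographically chained, append-only" audit trail concrete, here is an added illustration (not SVH's code) of the hash-chain idea: each entry commits to the hash of its predecessor, so editing, reordering or truncating the log is detectable by anyone holding the last exported head hash. The event fields, actor names and the use of Python rather than the agent's Rust are assumptions for the sake of a self-contained example.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor for the first link in the chain

def canonical(record):
    # Stable serialization so writer and verifier hash identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def link_hash(prev_hash, record):
    # Each entry commits to its predecessor: SHA-256(prev_hash || canonical(record)).
    return hashlib.sha256(prev_hash.encode() + canonical(record)).hexdigest()

def append(trail, record):
    # Append-only: the new entry's link depends on the current head.
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"record": record, "prev": prev, "hash": link_hash(prev, record)})
    return trail[-1]["hash"]

def verify(trail, expected_head):
    # Walk the chain from the anchor. An edited or reordered record breaks a link;
    # a truncated tail leaves a head that differs from the one exported off-device.
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev:
            return False, "broken link at index %d" % i
        if link_hash(prev, entry["record"]) != entry["hash"]:
            return False, "record %d does not match its hash" % i
        prev = entry["hash"]
    if prev != expected_head:
        return False, "head mismatch (truncated or replaced tail)"
    return True, "ok"

# Constructed sample events (placeholders, not real device data).
SAMPLE_EVENTS = [
    {"seq": 1, "actor": "svc-gateway", "action": "config.change", "key": "telemetry.interval"},
    {"seq": 2, "actor": "clinician-42", "action": "phi.read", "object": "record:PLACEHOLDER"},
    {"seq": 3, "actor": "svc-updater", "action": "module.install", "module": "example-module"},
]

def demo():
    trail = []
    for event in SAMPLE_EVENTS:
        head = append(trail, event)  # head is what gets exported and countersigned
    edited = [dict(e) for e in trail]
    edited[1]["record"] = dict(edited[1]["record"], actor="svc-gateway")  # rewrite who read PHI
    return {"intact": verify(trail, head), "edited": verify(edited, head),
            "truncated": verify(trail[:-1], head)}
```

Truncation is only caught because the head hash is compared against a copy kept outside the log; in practice that head is what the exported, countersigned trail carries.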
Supply chain
You can see everything we ship.
SBOM with every release
A CycloneDX software bill of materials ships with every image and agent release — served from a live endpoint, not attached to an email.
Signed and pinned
Container images are cosign-signed and digest-pinned; device modules are signed and verified before they run. Nothing unsigned executes anywhere.
Memory-safe core
The device agent is written in Rust with unsafe code banned outside audited hardware interfaces, and builds reproducibly.
Compliance posture
Designed to support your submission.
| IEC 62304 | Software lifecycle discipline; the device platform is kept free of clinical logic to support SOUP and design-control scoping. |
|---|---|
| IEC 81001-5-1 | Security activities in the software lifecycle, designed in from architecture down. |
| FDA premarket cybersecurity guidance (2023) | SBOM with every release, secure update with rollback, attestation, and anomaly reporting. |
| HIPAA / GDPR | Encryption in transit and at rest, PHI-access audit logging, structural de-identification of analytics. |
SVH is designed to support these programs — it does not by itself constitute clearance, certification, or legal compliance. When in doubt, the platform prefers the stricter option.
Bring your security team.
We are happy to go as deep as your architects and regulatory leads want to go.