Published: By Trucell, 3 min read
Trucell is ISO 27001:2022 certified for managed IT services, with specializations in PACS/RIS and DICOM
Trucell has achieved ISO 27001:2022 certification through Citation Certification (JAS-ANZ accredited). The scope explicitly covers our managed IT and cybersecurity services and our medical imaging IT including PACS/DICOM administration and the DICOMJet platform: assurance for clients across general MSP work and radiology specialization in one audited management system.
Trucell has been awarded ISO 27001:2022 certification by Citation Certification (JAS-ANZ accredited), certificate number 500-27285-IS, valid through 10 May 2029.
The headline is not the badge. It is the scope.
Most ISO 27001-certified Australian MSPs scope their certification to generic IT services. Ours covers that, and explicitly extends to the medical imaging IT we deliver into Australian radiology and healthcare sites. This is one audited information security management system covering both halves of what Trucell does, not a partial cert with carve-outs around the clinical work.
What is in scope, in plain English
The certificate scope, verbatim:
The provision of managed IT services, cybersecurity services and medical imaging IT services (including PACS/DICOM administration and the DICOMJet platform) including all internal corporate systems, remote access environments, cloud tenancies (Microsoft 365 / Azure / Entra ID) and the management of third-party supplier relationships. SOA revision 1.1, effective 02-04-2026.
In practical terms that means the ISMS covers:
- Managed IT services for Australian SME, healthcare, and public-sector clients: service desk, change control, identity, devices, networks.
- Cybersecurity services: managed detection, endpoint protection, perimeter, identity hardening, Essential Eight-aligned controls.
- Medical imaging IT, PACS/DICOM administration, and the DICOMJet platform: the parts of a radiology stack that touch patient images and reports, not just generic infrastructure.
- Internal corporate systems: how Trucell itself runs, because a managed-services provider’s own controls are part of the supply chain risk picture.
- Remote access and cloud tenancies (Microsoft 365 / Azure / Entra ID): the platforms client work actually lands on.
- Third-party supplier relationships: how we vet, contract with, and offboard the vendors that touch client environments.
Why scope matters more than the badge
Procurement and risk reviewers know this. The first page of a serious vendor risk questionnaire asks two things: are you ISO 27001 certified, and what is in the scope. A certificate that says “ISO 27001 certified” but excludes the actual service the client is buying does not give the reviewer what they need.
For radiology groups assessing Trucell for PACS/RIS and DICOMJet work, the scope above means the ISMS audit specifically examined the controls around the imaging stack: how images and reports move, how access is granted, how DICOM associations are configured, how DICOMJet print endpoints are managed. For general managed-IT clients, the scope covers identity, endpoints, change control, and supplier management end to end. One certificate, both halves.
Where this fits next to our other certifications
ISO 27001 is the headline change today. It joins:
- ISO 9001 Quality Management System (existing): the foundation our service desk, change control, and project delivery already run on.
- Microsoft Cloud Solutions Provider (CSP): how we transact and support Microsoft 365, Azure, and Entra ID for clients.
- ITAR/AUKUS Australian Authorized User registration (AUK0001996): for export-controlled and defence-adjacent work, written up in detail here.
- Vendor credentials including Fortinet Gold Partner, SentinelOne Certified, 3CX Silver Partner, and NVIDIA Partner Network registered.
The full register, with the certificate scope, certifying body, and a downloadable copy of the ISO 27001 certificate, lives at /about/certifications/.
What this means for your next vendor review
If you are reviewing Trucell as part of a managed services, cybersecurity, or imaging IT engagement, you can:
- Request the certificate directly. We will share a copy and the SOA summary on request.
- Verify on the JAS-ANZ register at register.jasanz.org/certified-organisations using certificate number 500-27285-IS.
- Ask for the scope statement in writing for your supplier file. The scope on this page is the scope on the certificate.
- Ask about your specific control area: identity, backup, DICOM administration, change management, third-party risk. The audit covered these; we can speak to the controls in scope.
Talk to us
If your procurement, risk, or clinical governance team needs ISO 27001 evidence to clear Trucell as a supplier, we will send what your reviewers actually ask for, not a generic capability deck. Use the form below to start the conversation.