The Hébergeurs de Données de Santé (HDS) regulation is issued by ASIP Santé which, under the French Ministry of Health, is responsible for promoting electronically based healthcare solutions in France.

HDS requires that service providers implement measures that keep personal health data secure, confidential, and accessible by patients. These measures include strong authentication and authorization procedures, robust backup systems, and powerful encryption methods. HDS also specifies mandatory provisions that must be included in contracts with cloud service providers. These requirements apply no matter where the data is stored.

HDS is relevant for service providers processing personal health data under French law

HDS combines elements from ISO 27001, ISO 20000 and ISO 27018 with five new requirements.

The HDS 1.1 add-on contains:

  • Implementation guidelines for 2 existing ISO 27001 clauses (4.3 and 6.1.3)
  • Implementation guidelines for 2 existing ISO 27001 controls (A.12.3.1 and A.12.7.1)
  • 4 clauses derived from ISO 20000
  • 5 new clauses
  • References to 24 required ISO 27018 controls (A.6.1.1, A.12.4.1, B.2.1, B.3.1, B.5.1, B.6.1, B.6.2, B.10.1, B.10.2, B.10.3, B.11.1, B.11.2, B.11.3, B.11.4, B.11.5, B.11.6, B.11.7, B.11.8, B.11.9, B.11.10, B.11.11, B.11.12, B.11.13, B.12.1)
  • Additional implementation guidelines for 4 existing ISO 27018 controls (B.3.1, B.10.3, B.11.8, A.12.4.1, B.12.1)
  • A mapping table, so you can cross reference these requirements against the different roles (physical infrastructure and/or IT managed services providers)

Instant 27001 add ons can be installed by importing them and subsequently merging them with the existing content. Instructions to do so are included. Alternatively, you can let us do the work for you!


Depending on your location, local taxes may apply (read more).

Start your ISO 27001 journey today!

Order now   Book a demo