Healthcare Intelligence Platform

CLAIRVOYANCE-CX

System Governance & Compliance

ADHICS V2.0, Federal Data Protection, Sovereign Cloud Infrastructure & Operational Compliance

ADHICS V2.0 Compliance: 99% (1.5% from last period)

AAMEN Certified: Secure

Data Sovereignty: 100% UAE

Active Users: 47 (11.9% from last period)

[Chart: Overall ADHICS Compliance, 6-month trend]

[Chart: Compliance Trend, ADHICS, Federal Laws, and Data Sovereignty]

[Chart: Domain Compliance Scores, ADHICS domain performance]

[Chart: Security Incident Trends, 6-month incident severity breakdown]

Abu Dhabi Healthcare Information and Cyber Security Standard V2.0

The operational mandate for all healthcare facilities, insurers, and professionals licensed by DoH

Active Standard 2025-2026

ADHICS V2.0 Overview

Operational mandate via AAMEN program for license renewal

Full Name: Abu Dhabi Healthcare Information and Cyber Security Standard
Program: AAMEN (Audit & Compliance Assurance)
Evolution: V1.0 → V2.0 (Cloud-Enabled)

License Suspension Warning
Circular No. 147 of 2022: Facilities failing to comply by deadline face potential license suspension. AAMEN certification is MANDATORY for medical license renewal.

The Six Strategic Pillars of ADHICS V2.0

Beyond checklist compliance toward holistic security culture

Operational Implications
  • Mandates formation of Information Security Steering Committees
  • Requires appointment of qualified CISO at executive level
  • Ensures security is discussed at board meetings regularly
  • Links compliance to commercial viability via license renewal
Key Requirements
  • CISO certification (e.g., CCSP for cloud security)
  • Quarterly steering committee meetings
  • Executive sign-off on security policies
  • Direct reporting line to CEO/Board
Operational Implications
  • Requires robust Disaster Recovery (DR) plans
  • Incident Response mechanisms must be tested quarterly
  • Facilities must demonstrate rapid service restoration
  • RTO/RPO metrics must be defined and achieved
Key Requirements
  • DR plan tested quarterly with documented results
  • RTO (Recovery Time Objective) < 4 hours for critical systems
  • RPO (Recovery Point Objective) < 15 minutes for patient data
  • Direct reporting line to DoH cybersecurity center
Tier 1: Basic Controls

Smaller entities (clinics, small practices)
  • Fundamental access controls
  • Antivirus/endpoint protection
  • Basic password policies
  • Simple backup procedures

Tier 2: Transitional Controls (Most Common)

Mid-sized entities scaling operations
  • Enhanced authentication (MFA)
  • Network segmentation
  • Incident response procedures
  • Vendor risk management

Tier 3: Advanced Controls

Large hospitals and critical infrastructure
  • Sophisticated continuous monitoring
  • Red-teaming and penetration testing
  • Advanced encryption (AES-256+)
  • Security Operations Center (SOC)

Control Family CM4: Cloud Computing

Data residency and CSP requirements

Data Residency Mandate

Health information related to services provided within the UAE MUST NOT be stored, developed, or transferred outside the country. This is a HARD operational constraint with no exemptions without specific DoH approval.

CSP Requirements
  • ISO 27001 (Information Security)
  • ISO 27017 (Cloud Security)
  • ISO 27018 (Privacy in Cloud)
  • Contract must guarantee UAE jurisdiction
  • No foreign "follow-the-sun" support access

AAMEN Certification Process

Mandatory audit for license renewal

1. Self-Assessment: Entity assesses own controls against ADHICS V2.0 checklist
2. Third-Party Audit: AAMEN-approved auditor validates the assessment
3. Certification: DoH issues "Secure" (Fully Compliant) or "Safe" (Managing Risks) certificate

"Secure" Certificate

Fully Compliant - All controls implemented and verified

"Safe" Certificate

Partially Compliant - Managing residual risks with mitigations