Company Policy
Company Policy
Effective Date: July 2, 2026Website: www.aurahealth.ch
1. Introduction and commitment to systemic integrity
This Corporate Policy establishes the binding operational, legal, and ethical architecture for all corporate governance, advisory engagements, and technical activities executed by the company. Operating within the highly complex and strictly monitored life sciences and medical device sectors demands an uncompromised adherence to international legal statutes and harmonized quality standards.
Given that our core professional focus involves guiding clients through conformity assessments for AI medical devices and complex digital healthcare integrations, any operational or ethical failure on our part directly undermines regulatory compliance and, fundamentally, patient safety. Consequently, this document serves as an absolute baseline, defining our institutional refusal to compromise on regulatory precision, legal accountability, and professional transparency across all global operations.
2. Scope, jurisdictional application, and binding obligations
The provisions set forth in this policy are globally applicable and constitute a material element of engagement for all associated parties. This framework universally binds all board members, executive officers, full-time and part-time employees, as well as external consultants, legal contractors, freelancers, vendors, and third-party auditors operating under the company’s brand or on behalf of its client accounts.
Compliance with this framework is an absolute prerequisite for initial onboarding and ongoing contractual relations. All covered personnel are legally obligated to review, comprehend, and execute a formal declaration of compliance upon execution of their employment or service agreements.
To ensure continuous alignment with evolving international legal landscapes, mandatory compliance evaluations and training modules shall be completed by all personnel on an annual basis as a condition of contract continuation.
3. Quality systems, clinical data integrity, and medical device regulatory excellence
Our consulting services regarding ISO 13485 Quality Management Systems, the EU Medical Device Regulation (MDR 2017/745), the In Vitro Diagnostic Regulation (IVDR 2017/746), and US FDA 21 CFR Part 820 necessitate flawless execution. Quality management is recognized not as an administrative exercise, but as a critical, legally mandated safety mechanism.
All validation activities, gap analyses, and technical file compilations must be executed in strict compliance with established internal Standard Operating Procedures (SOPs). Any intentional circumvention, shortcut, or unauthorized alteration of verification and validation (V&V) protocols is strictly prohibited.
Data integrity is paramount. All scientific evidence, software lifecycle documentation under IEC 62304, risk mitigation profiles under ISO 14971, and Clinical Evaluation Reports (CER) must reflect accurate, unaltered, and statistically verifiable clinical and engineering data.
The manipulation, selective reporting, or fabrication of automated test outputs, code review metrics, or adverse event trends is a severe violation of professional and legal duties. If any associate identifies an unrecorded or misclassified safety hazard, software anomaly, or clinical non-conformity within a client’s product during an active engagement, they are legally and contractually required to document it transparently and escalate it to the internal compliance officer to ensure proper post-market surveillance and vigilance reporting to competent authorities.
4. Data governance, information security, and cross-border privacy architecture
The handling of proprietary source code, algorithmic logic, clinical datasets, and highly sensitive commercial strategies requires a rigorous, multi-layered security infrastructure. All personnel must operate under the absolute mandate of protecting patient confidentiality and proprietary corporate data.
Access to client information, particularly Protected Health Information (PHI) and personal data subject to the General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), and the Health Insurance Portability and Accountability Act (HIPAA), must be restricted utilizing a strict need-to-know access matrix. The unauthorized replication, migration, or caching of unencrypted PHI, source repositories, or customer master files onto localized, unmanaged devices or unsanctioned commercial cloud storages is illegal and grounds for immediate contractual termination and legal prosecution.
To prevent systemic corporate espionage and data leakage, the deployment of unvetted third-party digital infrastructure, public automated text processing systems, public translation stacks, or public software models for compiling or analyzing client source code, technical specifications, or regulatory strategies is strictly banned. Corporate infrastructure, enterprise-grade encrypted channels, and authenticated data silos verified by IT security are the only permissible mediums for processing professional deliverables.
Furthermore, a strict clear desk and clear screen protocol must be enforced across all physical offices and remote workspaces to prevent visual data breaches. Any suspected or confirmed data exfiltration, localized network anomaly, or loss of access control credentials must be reported to the IT security department within 24 hours of identification.
5. Marketplace ethics, financial integrity, and anti-corruption compliance
We maintain an uncompromised stance against all forms of market manipulation, corruption, and unfair competitive practices, ensuring total compliance with the US Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, and the Swiss Criminal Code. The exchanging of corporate hospitality, business gifts, or promotional entertainment is strictly monitored and heavily restricted.
Personnel are prohibited from offering, soliciting, or accepting any financial or material incentives, gift cards, luxury items, or favors that could be interpreted as an attempt to unlawfully influence an objective business transaction or regulatory decision. Any business courtesy extended or received must be purely nominal, not exceeding a value of €50, and must be fully documented in the corporate compliance ledger.
Offering any gift, benefit, or facility to government officials, Notified Body auditors, or healthcare professionals (HCPs) is strictly prohibited under all circumstances without exception. Corporate financial integrity extends to the prevention of kickbacks, money laundering, and insider trading.
The company supports legitimate scientific exchange and professional training; however, the funding of travel, premium lodging, or personal entertainment for clients, prospective partners, or regulatory representatives under the guise of medical education or software demonstrations is a severe violation of anti-kickback regulations and is subject to immediate disciplinary actions. Furthermore, during our regulatory and due diligence consulting, personnel frequently obtain advanced access to Material Non-Public Information (MNPI), including clinical trial outcomes, software audit statuses, and pending corporate mergers.
Utilizing this information for personal financial gain, trading securities, or tipping off third parties before official public disclosure is a criminal offense and will be directly reported to relevant financial regulatory authorities.
6. Workplace conduct, human rights, and corporate responsibility
Operational excellence is fundamentally sustained by a professional, objective, and legally compliant workplace culture. All human resource actions, including recruitment, performance benchmarking, financial compensation, and project assignment, are managed strictly on a meritocratic basis, focusing exclusively on technical capability, professional experience, and behavioral alignment with corporate requirements.
Discrimination, systemic bias, or preferential treatment based on race, gender, age, sexual orientation, religious belief, nationality, or physical disability is completely intolerable and results in immediate disciplinary review. Every individual associated with our operations has a right to a workspace free from hostility, intimidation, and coercion.
Physical, verbal, psychological, or sexual harassment, including microaggressions, marginalization, and digital bullying on corporate communication networks, is strictly banned. Our corporate responsibility extends globally through a commitment to fundamental human rights; we enforce a zero-tolerance mandate against forced labor, child labor, human trafficking, and sub-standard working conditions throughout our global supply chains and partner networks.
Additionally, environmental sustainability is integrated into our operational planning via a mandatory paperless data model, optimization of international travel, and selection of sustainable digital infrastructure partners.
7. Asset management, proprietary methodologies, and intellectual property protection
The innovative frameworks, proprietary standard templates, specialized QMS pathways, gap analysis matrices, and regulatory strategy blueprints developed or utilized by our company constitute core trade secrets and critical intellectual property. All such assets developed during the course of professional employment or contractual engagement remain the exclusive, perpetual property of the company.
Personnel are explicitly prohibited from extracting, retaining, or transferring these proprietary methodologies, software licenses, or internal databases outside the managed corporate network for personal utility or competitive deployment. Any such unauthorized retention or transfer, particularly upon the cessation of contractual relations, represents a material breach of trade secrets and will be met with immediate injunctive relief and legal litigation to recover damages.
Corporate hardware, computational resources, and premium software licenses are provided strictly for authorized professional use. Personnel are prohibited from installing unverified software, executing unauthorized network penetration attempts, or disabling built-in device encryption, endpoint protection, and corporate Virtual Private Networks (VPNs).
Upon the conclusion of an individual’s contractual relationship with the company, all corporate physical property, cryptographic keys, and client-associated digital media must be immediately surrendered to the IT operations department.
8. Reporting mechanisms, systemic enforcement, and whistleblower protection
Maintaining institutional compliance requires active vigilance. It is the formal contractual obligation of all covered personnel to proactively report any known or reasonably suspected violations of this policy, internal SOPs, or applicable statutory law.
Deliberate blindness to non-compliant behavior, fraudulent documentation, or regulatory evasion within our projects or client accounts is treated as an active violation of this code. Suspected misconduct can be securely communicated through established corporate escalation protocols, including direct reporting to divisional management, the human resources director, the corporate compliance officer, or through our independent, anonymous whistleblower channel which operates securely 24/7.
We provide an absolute, ironclad legal safe harbor against all forms of corporate retaliation. Any individual who, in good faith, submits a compliance report or actively participates in an internal investigation is protected from termination, demotion, salary reduction, exclusion from professional activities, or behavioral harassment.
Any attempted retaliation by executive or managerial staff against a whistleblower constitutes a material breach of this policy and will result in immediate termination of employment. All reported incidents will be thoroughly, impartially, and confidentially investigated.
Substantiated non-compliance will trigger rigorous disciplinary enforcement, up to and including summary dismissal for cause, contractual termination, and immediate referral to national law enforcement, financial authorities, or international regulatory bodies where criminal activity or systemic fraud is identified.
