ZenoXCare — marketing
Loading standards & compliance…
How we earn trust
Rules we follow,
across health, privacy, and payments,
written for every country we serve.
ZenoXCare pulls health, privacy, money handling, and newer tech rules into one place—you can see exactly what is live, underway, planned, or paused. Country rules are listed plainly; nothing is sold as “done” when it is not.
26+
Standards
54
Countries
1
Review track
Live or moving
Checked teams · Clear records · Files ready when asked
Where things stand today
Straight from our rule lists; totals refresh weekly where noted.
Active means paperwork from an outside reviewer is on file today. Aligned means we built to match that rule book and can show how—without saying a seal is framed on the wall. In progress means staff are still gathering proof or someone is formally reviewing us. Labels are not swapped to sound better than they are.
ZenoXCare26+
International Standards Aligned
ISO, AICPA, HL7, WHO, NIST, OWASP
54
Africa member countries
Short country pages with law, office, and rollout wave
0
Reviews on file today
Outside sign-off we can show on request
1
In Progress
Privacy and security work—including Ghana data office path
Outside reviews & paperwork
What is finished, what is moving, and where to open the binder. Every row links out for detail.
SOC 1 Type II
PlannedExternal CPA firm (engagement TBD)
Proof gathered0%
Learn more
SOC 2 Type II
In progressExternal CPA firm (engagement TBD)
Proof gathered75%
Learn more
ISO/IEC 27001:2022 (ISMS)
PlannedAccredited certification body (e.g., BSI, DNV, TÜV)
Proof gathered0%
Learn more
ISO/IEC 27701:2019 (PIMS)
PlannedAccredited certification body (joint scope with 27001)
Proof gathered0%
Learn more
Ghana Data Protection Commission registration (Act 843)
PlannedData Protection Commission, Ghana
Proof gathered0%
Learn more
Vulnerability Assessment & Penetration Test (baseline)
PlannedExternal CREST/OSCP-credentialed pentest firm (engagement TBD)
Proof gathered0%
Learn more
PCI DSS v4.0 Self-Assessment (SAQ A-EP)
PlannedSelf-assessed; QSA validation when card data scope expands
Proof gathered0%
Learn more
HITRUST CSF e1 Assessment
Not pursuedHITRUST-authorised external assessor
Proof gathered0%
Learn more
→
View All 8
All outside reviews
Standards by topic
Each topic links through to the original writer of the rule. We refresh checks every quarter and keep what is finished or moving in the sections above—not buried here.
Information Security
Foundational ISMS controls and third-party attestations governing how ZenoXCare protects systems, data, and customer trust.
ISO/IEC 27001:2022
PlannedISO/IEC
International standard for an Information Security Management System (ISMS) — risk-based controls covering organisation, people, processes, and technology.
SOC 2 (Trust Services Criteria)
In progressAICPA
Reporting framework on controls relevant to Security, Availability, Confidentiality, Processing Integrity, and Privacy of a service organisation.
SOC 1 (ICFR)
PlannedAICPA
Reporting framework on controls relevant to user entities' Internal Control over Financial Reporting (ICFR).
Privacy
Privacy-by-design controls extending the ISMS to personal data lifecycle management.
Application Security
Verification standards for secure software development and runtime defence.
Resilience & Business Continuity
Operational continuity, disaster recovery, and incident-response disciplines.
Payments
Card and mobile-money compliance, settlement integrity, and payout safeguards.
Clinical Interoperability
Open standards for safely exchanging clinical information between systems.
Clinical Terminology
Globally-recognised vocabularies for unambiguous clinical meaning.
Health-System Governance
Sector-specific operating standards for digital health systems and clinical workflows.
ISO 27799:2016
AlignedISO
Health-sector application of ISO/IEC 27002 — security management in health using ISO/IEC 27002 controls.
WHO SMART Guidelines
AlignedWorld Health Organization
Standards-based, Machine-readable, Adaptive, Requirements-based, Testable — WHO's framework for digital adaptation kits in health systems.
AI Governance
Lifecycle controls for trustworthy, ethical, and human-supervised AI in healthcare.
ISO/IEC 42001:2023
AlignedISO/IEC
AI Management System — requirements for establishing, implementing, maintaining and continually improving an AI management system within an organisation.
NIST AI RMF 1.0
AlignedNIST (USA)
AI Risk Management Framework — voluntary guidance to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.
WHO AI Ethics in Health
AlignedWorld Health Organization
Ethics and governance of artificial intelligence for health — six principles ensuring AI works to the public benefit of all countries.
Medical Device (Reserved)
Standards held in reserve until any feature is classified as Software as a Medical Device.
Africa — Regional Instruments
Continental and regional instruments framing pan-African data, privacy, and digital-trade obligations.
AU Malabo Convention
AlignedAfrican Union
African Union Convention on Cyber Security and Personal Data Protection — continental instrument harmonising data protection and cybersecurity.
AU Data Policy Framework
AlignedAfrican Union
Continental policy framework governing data, cross-border flows, and digital trade across African Union member states.
ECOWAS Data Protection Act
AlignedECOWAS
ECOWAS Supplementary Act on Personal Data Protection — regional instrument governing data processing across West African member states.
Africa — Country Data Protection Laws
National statutes that overlay the pan-African baseline as ZenoXCare enters each market.
Ghana — Data Protection Act 2012 (Act 843)
AlignedData Protection Commission, Ghana
Statutory data protection law in Ghana; controllers and processors must register with the Data Protection Commission.
South Africa — POPIA
PlannedInformation Regulator, South Africa
Protection of Personal Information Act — South Africa's primary data protection statute; requires Information Officer registration.
Nigeria — NDPA 2023
PlannedNigeria Data Protection Commission
Nigeria Data Protection Act, 2023 — established the Nigeria Data Protection Commission; recognises lawful bases including contract, legal obligation, and vital interests.
Go deeper into the trust posture
Each topic page pulls from the same live registries as this hub, in language people can scan quickly.
AI Governance
ISO 42001 · NIST AI RMF · WHO
Testing you can replay, checks before each release, guards against misuse of prompts and tools, offline-friendly assist where it fits, plus public discovery for partner tools.
Open
Conformity matrix
Frameworks × Standards × Certs
Live cross-mapping of every regulatory framework to its declared standards and the certifications that satisfy it.
Open
Live calendar
Renewals & audit cadences
Forward-looking compliance events derived live from the certifications registry. Overdue items pinned at the top.
Open
Regression bar
AI evaluation harness
Published budgets per intent, latest archived run, pass/fail per metric — surfaced from the repo's eval artifacts.
Open
Security findings
VAPT findings tracker
Severity → remediation SLA matrix, finding-status workflow, and live counts. CI gates breaches at build time.
Open
Auto-KYC v1
Identity verification posture
Ghana Card / NIA, passive liveness, sanctions screen, GhanaPostGPS, three-band decisioning with reviewer co-pilot.
Open
Audit roadmap
Certifications & audits
Every active, in-progress, and planned third-party attestation with renewal cadence and scope.
Open
Pan-African coverage
All 54 AU member states
Per-country data-protection statute, regulator engagement, and rollout wave for every African Union member state.
Open
Africa coverage—all 54 AU member states
Each country lists the privacy law in plain terms, who regulates it, and how far we have rolled out.
Morocco· EnforcedAlgeria· EnforcedTunisia· EnforcedLibya· NoneEgypt· EnforcedMauritania· Enacted, dormantMali· EnforcedNiger· EnforcedChad· Enacted, dormantSudan· PendingEritrea· NoneCabo Verde· EnforcedSenegal· EnforcedThe Gambia· PendingBurkina Faso· EnforcedNigeria· EnforcedCentral African Republic· NoneSouth Sudan· NoneEthiopia· EnforcedDjibouti· Enacted, dormantGuinea-Bissau· Enacted, dormantGuinea· Enacted, dormantSierra Leone· PendingLiberia· PendingCôte d'Ivoire· EnforcedGhana· EnforcedBenin· EnforcedCameroon· Enacted, dormantSomalia· PendingTogo· EnforcedSão Tomé and Príncipe· Enacted, dormantEquatorial Guinea· Enacted, dormantGabon· EnforcedRepublic of the Congo· Enacted, dormantUganda· EnforcedKenya· EnforcedDemocratic Republic of the Congo· Enacted, dormantRwanda· EnforcedBurundi· PendingTanzania· EnforcedSeychelles· EnforcedAngola· EnforcedZambia· EnforcedMalawi· EnforcedMozambique· PendingComoros· NoneMauritius· EnforcedNamibia· PendingBotswana· EnforcedZimbabwe· EnforcedMadagascar· EnforcedSouth Africa· EnforcedEswatini· Enacted, dormantLesotho· Enacted, dormant
EnforcedEnacted, dormantPendingNone
29
Countries with
Enforced DP Law
4
Rollout Waves
Wave 1: Anchors
6
Regional Blocs
ECOWAS, SADC, EAC…
Ask the on-device compliance assistant
Answers draw from the published compliance registry. Optional quick help runs in your browser when your device allows it; otherwise you get the same answers from the built-in FAQ—usable offline once the page has loaded.
Questions About Our Compliance?
Our compliance and security teams are ready to help. Get detailed audit documentation, compliance reports, or speak directly with our experts.
All documentation is checked and ready for reviewers