Medical Circles: Achieving ISO 27001 & KSA PDPL Compliance in Saudi Arabia

About
Founded in Riyadh, Saudi Arabia, Medical Circles is a fast-growing healthcare collaboration platform transforming how hospitals and medical teams communicate. Built specifically for the healthcare ecosystem, Medical Circles enables secure internal messaging, workflow coordination, and structured collaboration across departments.
As the platform expanded across healthcare institutions in Saudi Arabia, handling sensitive operational and personal data became a regulatory responsibility, not just a technical concern.
This case study highlights how Medical Circles achieved ISO 27001 certification and KSA PDPL compliance with Sahl’s accelerated, automation-first compliance model, unlocking enterprise trust in the Saudi healthcare sector.
“In healthcare, trust is everything. Security is how you earn it.”
Compliance Snapshot
As Saudi Arabia strengthens enforcement of the Personal Data Protection Law under the supervision of the Saudi Data and Artificial Intelligence Authority, healthcare technology providers must demonstrate structured information security and lawful data processing practices.
Medical Circles needed:
- ISO 27001 certification to validate its Information Security Management System (ISMS)
- KSA PDPL compliance to ensure lawful and transparent handling of personal data
- Audit readiness to support hospital partnerships
- Formalized policies aligned with Saudi regulatory expectations
By partnering with Sahl, Medical Circles transformed compliance from a regulatory hurdle into a strategic growth engine.
Result: Enterprise-grade security governance achieved in weeks, not months.
“Compliance should accelerate growth, not delay it.”
The Roadblock
Medical Circles had a strong technical foundation but lacked formal certification and regulatory validation.
As hospital networks and enterprise healthcare providers began requesting proof of compliance, several gaps emerged:
- ISO 27001 required structured ISMS implementation
- KSA PDPL required lawful data handling compliance
- Policy framework needed documented governance and security controls
- Vendor risk controls required by healthcare partners
- Audit readiness required for enterprise procurement
Without these certifications, expansion into larger healthcare networks in Riyadh and across Saudi Arabia risked slowing down.
Traditional compliance programs often take 4–6 months, a timeline incompatible with startup growth velocity.
The Sahl Advantage: Speed Meets Structure
From day one, Sahl deployed a cross-framework execution model tailored specifically for healthcare technology operating in Saudi Arabia.
Instead of fragmented consulting, Medical Circles received unified delivery across ISO 27001 and PDPL requirements.
Key Actions Included:
- Unified ISO 27001 + PDPL gap assessment
- AI-powered risk analysis and control mapping
- Drafting and implementation of 35+ tailored policies
- Data inventory and personal data mapping
- PDPL lawful basis review and governance documentation
- Internal audit simulation
- Full pre-certification audit coordination
- Centralized evidence automation dashboard
All of this was delivered on an accelerated timeline, without operational disruption.
Why ISO 27001 and KSA PDPL Compliance Mattered
“Healthcare data demands the highest standard of protection.”
For a Riyadh-based healthcare platform:
- ISO 27001 validated structured risk management and security controls
- PDPL compliance ensured lawful processing of personal data under Saudi law
- Enterprise hospitals required formal certification before integration
- Regulatory alignment strengthened long-term sustainability
Compliance wasn’t about paperwork.
It was about becoming enterprise-ready.
Certified in Every Way That Matters
Sahl delivered end-to-end compliance:
- ISO 27001: Complete ISMS implementation and certification readiness
- PDPL Alignment: Data mapping, privacy governance, lawful basis documentation
- 35+ Customized Policies: Security, privacy, vendor, incident, access control
- Risk Register: AI-assisted risk identification and treatment plan
- Internal Audit Simulation: Pre-audit assurance testing
- Audit Coordination: Support during certification process
- Compliance Dashboard: Real-time tracking and evidence automation
“Security is not achieved by accident. It is engineered.”
Business Wins from ISO 27001 & PDPL Compliance
Sahl turned compliance into a revenue enabler.
With ISO 27001 and PDPL in place, Medical Circles was able to:
- Accelerate hospital partnership approvals
- Respond to enterprise security questionnaires confidently
- Strengthen procurement trust in Riyadh and across Saudi Arabia
- Build scalable compliance architecture for future growth
- Reduce manual compliance workload by 75%
This wasn’t just certification.
It became a competitive differentiator in the Saudi healthcare technology market.
Client Feedback
“Sahl brought clarity to a process that initially felt complex. Their structured methodology, automation platform, and regulatory expertise made ISO 27001 and PDPL implementation efficient and manageable. We achieved certification without slowing down our product innovation or operational growth.”
Team Medical Circles
“Compliance is now embedded into our operations, not treated as an afterthought.”
Strategic Impact in Saudi Arabia
By achieving ISO 27001 and aligning with KSA PDPL requirements, Medical Circles strengthened its position as a secure and privacy-conscious healthcare platform across:
- Riyadh
- Saudi Arabia
- The wider MENA healthcare ecosystem
Security and privacy became strategic assets, reinforcing credibility in a highly regulated sector.
Sahl’s Advantage
Why did this succeed where traditional consulting models stall?
- Dual-framework delivery in one sprint
- AI-driven risk and policy automation
- Healthcare-specific compliance structuring
- Deep PDPL regulatory alignment
- Zero boilerplate documentation
- Hands-on expert support
- Audit-ready execution
Single team. Single sprint. Structured results.
Your Gateway to Healthcare Compliance Excellence
Medical Circles proved that healthcare technology companies in Saudi Arabia can achieve ISO 27001 and PDPL compliance without slowing innovation.
With Sahl, compliance becomes:
- Faster
- Structured
- Enterprise-ready
- Scalable
Ready to achieve ISO 27001 and PDPL compliance in Saudi Arabia?
Partner with Sahl and turn regulatory requirements into growth opportunities.
Because in healthcare, trust is not optional; it is foundational.
