ISMS Copilot
Supported frameworks

Guide to HDS v2.0 Framework Queries

ISMS Copilot includes proprietary knowledge on the French HDS (Hébergeur de Données de Santé) v2.0 certification framework for health data hosting. This guide shows you how to query its 31 requirements and combine them with ISO 27001 context.

HDS v2.0 Structure

The framework is organized into seven main sections:

  1. Preamble — Background and regulatory context

  2. General Definitions and Concepts — Key terminology

  3. Scope — Application of certification requirements

  4. Conditions for Awarding a Certificate — Certification process

  5. ISMS Requirements (5.4–5.10) — Aligns with ISO 27001:2023 clauses 4–10

  6. Requirements Relating to the Contractual Relationship (6.1–6.11) — Mandatory contractual clauses from French Public Health Code

  7. Data Sovereignty — EU/non-EU transfer restrictions and sovereignty mandates

Chapter 5 mirrors ISO 27001's ISMS structure: context (5.4), governance (5.5), planning (5.6), support (5.7), operation (5.8), performance evaluation (5.9), and improvement (5.10). Chapter 6 adds healthcare-specific contractual requirements like reversibility (6.11), data subject rights (6.3), and subcontracting controls (6.6).

Querying HDS Requirements

Use natural language to reference sections, subsections, or topics. The system auto-detects HDS queries and injects framework knowledge.

Effective prompts:

  • "HDS v2.0 requirement 6.11 reversibility plan for cloud hosting"

  • "Chapter 5.8.2 risk assessment for health data infrastructure"

  • "HDS contractual requirements for subcontractors under 6.6"

  • "Section 7 data sovereignty obligations for non-EU transfers"

Specify context:

  • "HDS v2.0 5.7.2 competence requirements for a 20-person healthcare SaaS team"

  • "Chapter 6.9 guarantees implementation for Azure-hosted PHI"

Watch for "Consulting HDS v2.0 knowledge…" in the chat to confirm the system is using framework-specific insights from real compliance projects.

Bilingual Queries (French/English)

You can prompt in French or English. ISMS Copilot's multilingual models handle both languages.

French examples:

  • "Exigences HDS v2.0 chapitre 6.3 droits des personnes concernées"

  • "Plan de réversibilité selon HDS 6.11 pour infrastructure cloud"

English examples:

  • "HDS v2.0 chapter 6.3 data subject rights obligations"

  • "Reversibility plan per HDS 6.11 for cloud infrastructure"

Framework knowledge is primarily English; French prompts receive English-based answers unless you request French output explicitly (e.g., "Répondre en français").

Combining HDS with ISO 27001

HDS v2.0 builds on ISO 27001:2023. Chapter 5 ISMS requirements map directly to ISO clauses 4–10, so you can cross-reference controls.

Combined prompts:

  • "How does HDS v2.0 chapter 5.8 align with ISO 27001 clause 8 operational controls?"

  • "ISO 27001 Annex A.5.23 cloud security mapped to HDS v2.0 data sovereignty requirements"

  • "HDS 5.6.2 security objectives integrated with ISO 27001 A.5.1 policies"

Because HDS mirrors ISO's ISMS structure, organizations already ISO 27001-compliant can leverage existing policies, risk assessments, and documentation for HDS certification. Query both frameworks together to identify gaps.

HDS adds healthcare-specific requirements (Chapter 6 contractual clauses, Chapter 7 sovereignty) beyond ISO 27001. Use combined queries to map your ISO controls and identify HDS-only obligations.

Audit Preparation Best Practices

Break down complex requirements: Query one subsection at a time (e.g., "HDS 5.7.4 communication" rather than "all Chapter 5 support requirements").

Upload existing documentation: Attach policies, contracts, or risk assessments (PDF/DOCX) and ask "Does this meet HDS v2.0 requirement 6.6 subcontracting?" for gap analysis.

Request structured outputs: Ask for tables, checklists, or evidence lists—e.g., "Create an evidence checklist for HDS v2.0 Chapter 6 contractual requirements."

Use personas: Prompt as "HDS Auditor" or "Health Data Hosting Manager" for role-specific guidance.

Iterate in workspaces: Create a dedicated workspace per client or project to keep HDS queries, drafts, and uploaded files organized.

ISMS Copilot accelerates draft creation and analysis but is not a substitute for certified HDS auditors or legal counsel. Always verify outputs against the official HDS v2.0 framework and French Public Health Code.

Next Steps

Start with a high-level query like "HDS v2.0 overview for cloud health data hosting" to understand the framework, then drill into specific chapters as you build policies or prepare for certification. For ISO 27001 users, map your existing controls to HDS Chapter 5 first, then tackle the healthcare-specific requirements in Chapters 6 and 7.

Related: Supported Compliance FrameworksPrompt Engineering Overview

Was this helpful?