FPT gains HITRUST AI security nod for Hanoi centre

FPT has secured HITRUST r2 v11.5.1 certification for parts of its data centre operations in Vietnam. The certification covers systems used for application services, databases, and deployment, as well as the physical facility in Hanoi.

The certified scope includes in-scope platforms and facilities at the FPT Data Centre in Hanoi. It applies to the Application Services System, Database System and Deployment System that FPT hosts and manages on-site.

HITRUST is used by many organisations in healthcare and other regulated sectors as a benchmark for security assurance. The framework draws on multiple security and risk standards and maps controls to recognised requirements.

FPT said the certification indicates it has met the requirements of leading cybersecurity and regulatory frameworks and that controls are in place to protect sensitive data and manage risk.

AI Security

The scope also includes the HITRUST AI Security Certification, which addresses security risks associated with AI systems.

FPT said the AI security certification validates safeguards against threats such as data poisoning, model inversion and prompt injection. It did not provide details on the specific models, use cases or deployment environments covered by the AI assessment.

HITRUST's r2 approach includes external testing and quality assurance processes, including independent third-party testing and centralised quality assurance. The certification process references HITRUST's Cyber Threat-Adaptive engine.

FPT said the process remains aligned with updated threat intelligence and evolving standards across NIST, ISO and OWASP. Healthcare security teams often face changing compliance expectations alongside shifts in attacker techniques, with ransomware and data theft persistent concerns.

Healthcare Focus

FPT positioned the certification as significant for healthcare organisations and partners that rely on third parties for software development, hosting and data centre services. Healthcare providers and life sciences firms often operate under a mix of local health privacy rules, security standards and contractual requirements from payers and partners.

FPT described this as its third consecutive HITRUST certification, following HITRUST r2 Certification in 2022 and 2024.

For healthcare suppliers, the security posture of shared platforms and delivery pipelines remains a key concern. Certification scope can therefore matter as much as the certification itself, because it shows which systems and facilities have been assessed. In this case, the in-scope systems include application services, database and deployment systems within the Hanoi data centre, as well as the facility.

FPT Software Vice President and Director of the Global Healthcare Centre, Chu Canh Chieu, linked the certification to ongoing security work in healthcare operations.

"For healthcare organizations, security is not a one-time milestone. It is a discipline that must keep pace with evolving threats, compliance expectations, and operational realities. Achieving HITRUST Certification for the third consecutive time reinforces our ongoing commitment to protecting data, managing risk, and maintaining the trust of those we serve," said Chu Canh Chieu.

Company Profile

FPT is headquartered in Vietnam and operates across technology, telecommunications and education. It said it employs more than 54,000 people across its core businesses.

FPT reported total revenue of USD $2.66 billion in 2025. It describes itself as an AI-first organisation focused on digital, intelligence and green transformations.

In healthcare and life sciences, FPT said it has nearly two decades of experience and works with technologies including AI, cloud computing, IoT and advanced data analytics.

FPT also said it holds certifications aligned with standards and industry specifications, including HITRUST, HIPAA, ISO 9001, ISO 13485, HL7 and DICOM, and that it is among a limited number of technology firms in Southeast Asia with that mix of certifications.

FPT said the latest HITRUST certification applies to in-scope platforms and facilities at its Hanoi data centre, and that it expects the certification to remain relevant as security requirements and threat patterns continue to evolve.