Security & Compliance Clinical Research IO

Security & Compliance

CRIO’s Security and Compliance Statement: Effective as of October 2021

CRIO employs best practices to keep your data secure, private, redundant, and accessible. We enable you to stay compliant with regulatory requirements, including 21 CFR Part 11, Annex 11, HIPAA, and GDPR. Besides documentation on our own practices, we will provide you with helpful tools such as draft SOP’s and validation exercises to help you achieve full compliance on your end.

Secure and Private

CRIO hosts its infrastructure within secure private networks via public cloud providers. Both physical and digital measures are in place to protect CRIO’s infrastructure. Data centers are SOC 2 and ISO 27001 certified and utilize biometric authentication. Firewalls, access control policies, and security monitoring systems are enabled on each machine to protect against malicious activity. All data is encrypted, both at rest and in transit. CRIO has undergone penetration tests from 3rd parties to validate its security policies and measures.

Accessible Backups of your Data

Continuous backups for the trailing week, and hourly, off-site data backups before then, ensure that your data is always safe, and can be restored in the event of an emergency. Standard operating procedures related to CRIO’s security and business continuity can be provided upon request. Year to date in 2021, CRIO’s uptime has been 99.98%.

Compliant with Regulations

Working with regulatory consultants, we’ve developed detailed SOP’s and matrices to demonstrate compliance with 21 CFR Part 11, Annex 11, HIPAA and GDPR. Our system is internally validated and externally certified, and we provide you with a full suite of sample SOP’s you may wish to adopt that are tailored to our system.

Global Infrastructure

Clients can host their data on a server located within their region, ensuring that data does not move across national or regional jurisdictions – through this, CRIO complies with international data protection laws that restrict data from being stored in other countries. CRIO currently has servers in the United States, Canada, Germany, and Australia.

See CRIO’s Privacy Policy.

Learn More About CRIO


Give us a call: