Clinical Research IO’s Security and Compliance Statement: Effective as of June 1, 2020
CRIO employs best practices to keep your data secure, private, redundant, and accessible. We enable you to stay compliant with regulatory requirements, including 21 CFR Part 11, Annex 11, HIPAA, and GDPR. Besides documentation on our own practices, we will provide you with helpful tools such as draft SOP’s and validation exercises to help you achieve full compliance on your end.
Secure and Private
CRIO hosts its infrastructure within secure private networks via public cloud providers. Both physical and digital measures are in place to protect CRIO’s infrastructure. Data centers are SOC 2 and ISO 27001 certified, and utilize biometric authentication. Firewalls, access control policies, and security monitoring systems are enabled on each machine to protect against malicious activity. All data is encrypted, both at rest and in transit. CRIO has undergone penetration tests from 3rd parties to validate its security policies and measures.
Accessible Backups of your data
Hourly data backups, stored in multiple locations, ensure that your data is always safe, and can be restored in the event of an emergency. Standard operating procedures related to CRIO’s security and business continuity can be provided upon request. In 2017 and 2018, CRIO achieved its target uptime of 99%.
Compliant with Regulations
Working with regulatory consultants, we’ve developed detailed SOP’s and matrices to demonstrate compliance with 21 CFR Part 11, Annex 11, HIPAA and GDPR. Our system is internally validated, and we provide you with a full suite of sample SOP’s you may wish to adopt that are tailored to our system.
Clients can host their data on a server located within their region, ensuring that data does not move across national or regional jurisdictions – through this, CRIO complies with international data protection laws that restrict data from being stored in other countries. CRIO currently has servers in the United States, Canada, Germany and Australia.