Security Compliance

CRIO employs best practices to keep your data secure, private, redundant, and accessible. We enable you to stay compliant with regulatory requirements, including 21 CFR Part 11, Annex 11, HIPAA, and GDPR. Besides documentation on our own practices, we will provide you with helpful tools such as draft SOPs and validation exercises to help you achieve full compliance on your end.

Secure and Private

All data is encrypted at rest and in transit. Our solution is deployed on a private network, on servers owned by us, in an SOC-2 certified data center. We employ firewalls, access controls, monitoring, penetration testing, etc. We conform to the EU-US and Swiss-US Privacy Shield Framework.

Redundant and Accessible

We use multiple servers at each tier of the CRIO platform and perform hourly, off-site backups of data. We have validated backup/restore and disaster recovery SOPs in place. In 2017 and 2018, we achieved our target uptime of 99.95+%.


Working with regulatory consultants, we've developed detailed SOPs and matrices to demonstrate compliance with 21 CFR Part 11, Annex 11, ICH-GCP, and HIPAA. Our system is internally validated, and we provide you with a full suite of sample SOPs, tailored to our system, that you may wish to adopt.