Trust and Privacy
ISO 27001 and 27701 Certified
eClinical Solutions has achieved ISO (International Organization for Standardization) 27001 certification for our Information Security Management System (ISMS) and 27701 certification for our Privacy Information Management System (PIMS).
The ISO 27001 standard provides security best practices for establishing, implementing, maintaining, and continually improving an ISMS, and ISO 27701 extends that standard into a PIMS, providing best practices to protect data and ensure compliance with the General Data Protection Regulation (GDPR) and similar regulations.
SOC2 Type2 Report
eClinical Solutions holds a SOC2 Type2 report, which demonstrates that proper controls are in place following the trust principles of Security, Availability, Processing Integrity, Confidentiality, and Privacy set forth by the American Institute of CPAs Service Organization Control framework. This report is available upon request.
HIPAA Compliance
eClinical Solutions has completed a Third-Party Security Compliance Assessment against the Security Final Rule established by the Department of Health and Human Services under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 as a potential Business Associate, and was deemed to have the proper controls in place to meet the requirements.
Security
eClinical Solutions’ security, risk and compliance programs are built around industry-recognized cyber security standards and practices. eClinical Solutions follows a rigorous information security program which includes:
- Robust User Identity Access Management
- Proactive System Monitoring and Management
- Cyber Security Awareness Training & Risk Assessments
- Detailed Business Continuity and Disaster Recovery Plans
Quality and Compliance
eClinical Solutions recognizes its regulatory/guidance compliance responsibilities when providing services to our clients. Specifically, we:
- Model our Quality Management System against the standards of ICH E6(R2) – Guideline for Good Clinical Practice and associated FDA regulatory Guidance for Industry.
- Comply, where applicable, with regulatory requirements including 21 CFR Part 11, EU Annex 11, HIPAA, GDPR, and relevant state laws.
- Understand the implications of the Computerized Systems Used in Clinical Investigations guidance when implementing systems for clients or eClinical Solutions business needs.
- Our elluminate® product has been designed to comply with standards and requirements set forth in FDA 21 CFR Part 11, Electronic Signatures and Records. Furthermore, we ensure the application is hosted in a secure fashion and maintained in a state of control following a defined Software Development Lifecycle and Computer System Validation process for each release.
Privacy
eClinical Solutions complies with all applicable data privacy laws. We partner with our clients to understand the types, categories and flow of data, with the expectation that the Data Controller is in the best position to know and identify where their data is coming from. While eClinical Solutions is certified under the Data Privacy Framework for the EU, the UK Extension and Switzerland, we also ensure continued compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws and regulations. eClinical Solutions works with our clients to identify and adopt any required supplementary measures, and continues to monitor changes to the fluid data privacy and security landscape with internal and external resources.