Security

Information Security

eClinical Solutions follows a rigorous information security program that includes strict user identity access management, workstation protections, and mandatory company-wide cyber security training. Many of the company’s Security, Risk and Compliance programs are built around the NIST Cyber Security Framework (CSF). All servers are “hardened” during the build process. This process includes blocking all unnecessary network ports, allowing only required/restricted ports. Firewalls are configured with strict access rules to block unwanted/unauthorized traffic. All systems are configured for availability, performance and resource utilization monitoring. All sensitive data is encrypted at rest and during transfer, and eClinical Solutions is Privacy Shield Certified.
A robust Business Continuity Plan (BCP) has been developed to account for numerous events including system failures, service outages and “Acts of God.” The plans are reviewed and tested on an annual basis. An associated Incident Management and Communications Plan is part of the Business Continuity Plan.

Quality and Compliance

eClinical Solutions recognizes its regulatory/guidance compliance responsibilities when providing services to our Clients. Specifically, we:

  • Model our Quality Management System against the standards of ICH E6(R2) – Guideline for Good Clinical Practice and associated FDA regulatory Guidance for Industry
  • Comply, where applicable, with regulatory requirements including 21 CFR Part 11, HIPAA, GDPR, and relevant state laws
  • Understand the implications of the Computerized Systems Used in Clinical Investigations guidance when implementing systems for clients or eClinical Solutions business needs

Product Security

The eClinical Solutions product elluminate has been designed to comply with standards and requirements set forth in FDA 21 CFR Part 11, Electronic Signatures and Records. Furthermore, we ensure the application is hosted in a secure fashion and maintained in a state of control following a defined Software Development Lifecycle and Computer System Validation process for each release.
elluminate has a comprehensive and flexible security and data access model that can be applied at the user group, study and data store levels within the application. This security is honored when using outbound APIs to access data from external applications.
Users and roles can be granted access to only specific features and can be limited to specific programs, compounds and/or studies. Additionally, users or groups can be selectively denied access to specific data stores containing unblinded or unmasked data.