A Commitment to Comprehensive Security and Data Privacy Practices
Providing our customers with the highest level of confidence
Unyielding Commitment to Protecting Information Assets and QMS Information Security
AssurX is committed to protecting its information assets in order to satisfy the company’s business objectives, meet the information security and compliance requirements of our customers, and protect rights to privacy.
We implement programs that are auditable, repeatable, and comprehensive. Our processes are continual and iterative, ensuring that our data and our customers’ data are always protected at or above industry standards.
The asset protections and QMS information security objectives include:
- Defining responsibilities and business processes for information security
- Building a corporate culture of security and diligence
- Reducing security incidents through controls specific to unique risks and assets
- Meeting additional security compliance requirements as required
AssurX is ISO/IEC 27001 certified. This demonstrates that we operate an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2022. You can download or view our certificate here.
The scope and boundaries of the ISMS are as follows:
The Information Security Management System (ISMS) applies to the implementation of information security, availability, and operational controls that secure the design and development of the AssurX Enterprise Quality Management & Regulatory Compliance Software and Cloud Platforms, Professional Services, and Technical Support Services, including stored customer data and the supporting cloud infrastructure, in accordance with the ISMS Statement of Applicability.
The statement of applicability includes control objectives from the ISO/IEC 27001:2022 framework.
AssurX is officially SOC 2 compliant in accordance with SSAE Attestation Standards. SOC, which stands for System and Organizational Controls, is a framework developed by the American Institute of Certified Public Accountants (AICPA) for the purpose of providing regular, independent attestation of the controls that a company has implemented to mitigate information-related risk.
The General Data Protection Regulation (GDPR) regulates the collection and processing of the personal data of EU residents. It applies to companies that operate in the EU, and to companies outside the EU if they have any EU customers or hold the personal data of anyone in the EU. AssurX’s marketing data strategy is aligned with GDPR and the ePrivacy Directive. For more information, view our Privacy Policy and Cookie Policy.
AssurX uses 256-bit data/file encryption for data in transit and data at rest to provide you with the highest peace of mind and the highest security standard. A 256-bit key is the most secure key length used in modern encryption algorithms, protocols and technologies, and is the key length used by the US government and other entities that need to protect highly classified information.
AssurX complies with HIPAA regulations and offers a Business Associate Addendum (BAA) for Covered Entities doing business with us.
AssurX institutes company-wide policies and procedures to support this compliance, including employee training, frequent policy and procedure reviews, signed confidentiality agreements and stringent information security procedures.
Compliance System Controls
AssurX provides administrative, technical and physical safeguards and controls to meet compliance requirements and standards as applicable to AssurX for:
- FDA 21 CFR Part 11 – FDA scope and application of Code of Federal Regulations (CFR) for Electronic Records and Electronic Signatures. Request our 21 CFR Part 11 compliance paper for more details.
- EU Annex 11 – European Union EUDRALEX Rules Governing Medicinal Products in the European Union, Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use
For additional information on AssurX security and data protection, please contact [email protected].