Genestack develops its Genestack ODM product through establishing requirements that have been cross-referenced and aligned to 21CFR Part 11, ICH Guideline for good clinical practice E6 (R2) and ISO 27002 information security controls.
These requirements are a primary input to the design and development of Genestack ODM and enable our clients to comply with the applicable regulatory requirements during the use of the product.
Genestack ODM is GCP ready.
The Genestack ISO 27001 compliant ISMS ensures that the ODM product is developed by following the principles of “Secure by Design” in order to satisfy regulatory security requirements, up to and including GCP requirements. These requirements include:
Where Genestack operates ODM as a software-as-a-service for an individual client its ISO27001 compliant ISMS ensures that the procedures and processes required to maintain security of the service are robust and effective. These procedures are subject to continuous internal audit and they are assessed regularly to ensure that the security controls retain their effectiveness despite changes in the threat landscape.
ISO 27001 is one of the most widely recognised and internationally accepted information security standards. It identifies requirements for a comprehensive Information Security Management System (ISMS), and defines how organisations should manage and handle information in a secure manner, including appropriate security controls.
In order to achieve the certification, Genestack’s compliance was validated by an independent security firm after demonstrating an ongoing and systematic approach to managing and protecting company and customer data.
Below are the key requirements under the FDA’s 21 CFR part 11, how Genestack ODM complies with these, and how Genestack can help you fulfil your regulatory obligations towards these.
The Genestack ODM product has data integrity and consistency controls that validate and confirm the permitted user inputs and sequence of steps, both through the GUI and through an extensively-documented RESTful API library. This covers a broad range of data management operations, including data loading, curation, sharing, search, and export.
The Genestack Genestack ODM product is a single point of truth for all Life Science Data associated with the specified clinical data sources and is capable of providing records in both human-readable and electronic form, suitable for further analysis and regulatory review. Data provenance and modifications are tracked, and multiple data versions can co-exist, ensuring reproducibility.
All production data is stored at rest encrypted and protected in transit through transport level encryption. Data is backed up regularly. Data storage and backups allow all data to be retained to meet the regulatory requirements. Security by design principles for the product leverage operating system security services to ensure the integrity of data.
The integrity of data, and metadata within Genestack ODM is assured by means of strong access control measures preventing unauthorised access. All identities within the product are unique and assigned to individuals. The Genestack ODM product relies on role-based permissions, which allows the client’s Genestack ODM administrator to configure the level of access to specific roles.
The product is also capable of generating secure unpredictable API tokens for secure programmatic access to Genestack ODM; these tokens can be revoked by the admin role within Genestack ODM.
The product has its own internal identity management solution, using the user’s identity and a user-selected complex password. However, Genestack recommends that clients integrate with their identity and access management solution through, in order of preference, SAML authentication or OpenID Connect. This enables the client to enforce its authentication and access control policies onto the use of Genestack ODM.
The Genestack ODM product generates a time-stamped audit trail of platform activity. Detailed audit-trail reports are generated by Genestack on request.
Genestack policy and procedures require that its personnel are provided with onboarding and training for their job function. The records for this training are maintained and updated in line with these procedures. Genestack personnel are given training on our Information Security Management System (ISMS) and GCP awareness. Our Compliance and Security Working Group monitors and conducts internal audits to ensure our policy and procedures are complied with and reviewed regularly. Genestack ODM documentation is available to all users online and all specifications, requirements, and associated documentation is version- and change-controlled by Genestack within our electronic knowledge management system.
Our assessment based upon the requirements given by our customers is that the records within Genestack ODM do not need to be signed, and Genestack ODM does not support electronic signatures. We have taken a risk-based view that the accountability and non-repudiation requirements, which can be satisfied by electronic signatures, can be met through controls within Genestack ODM, from controls within the computing environment hosting Genestack ODM, and by integration with the client’s IAM solution.
NEWS AND BLOG
More highlightsContact Genestack
To discuss your projects, challenges or to ask us any questions
