Genestack develops its ODM platform based on a structured and controlled set of requirements that are mapped and aligned to key regulatory and security frameworks, including:
These requirements form a core input into the design, development, and operation of the Genestack ODM platform, ensuring that security, data integrity, and regulatory compliance are embedded by design. This approach enables customers to operate the platform in alignment with applicable regulatory expectations.
Genestack ODM is GDPR, HIPAA and ICH GCP E6-ready.
Genestack's ISO 27001-certified Information Security Management System (ISMS) ensures the ODM platform is designed and operated in line with "secure by design" principles, supporting compliance with GCP and regulatory requirements.
Core security capabilities include:
Where ODM is delivered as a SaaS solution, the ISMS governs all operational processes to ensure the ongoing security, availability, and integrity of the service, supported by continuous internal audit and regular control validation.
Genestack is certified to:
All ISO/IEC certifications are independently audited annually by Amtivo, a UKAS-accredited certification body, providing ongoing assurance that security and privacy controls remain effective against evolving threats.
Below are the key requirements under the FDA's 21 CFR part 11, how Genestack ODM complies with these, and how Genestack can help you fulfil your regulatory obligations towards these.
The Genestack ODM product has data integrity and consistency controls that validate and confirm the permitted user inputs and sequence of steps, both through the GUI and through an extensively-documented RESTful API library. This covers a broad range of data management operations, including data loading, curation, sharing, search, and export.
The Genestack Genestack ODM product is a single point of truth for all Life Science Data associated with the specified clinical data sources and is capable of providing records in both human-readable and electronic form, suitable for further analysis and regulatory review. Data provenance and modifications are tracked, and multiple data versions can co-exist, ensuring reproducibility.
All production data is stored at rest encrypted and protected in transit through transport level encryption. Data is backed up regularly. Data storage and backups allow all data to be retained to meet the regulatory requirements. Security by design principles for the product leverage operating system security services to ensure the integrity of data.
The integrity of data, and metadata within Genestack ODM is assured by means of strong access control measures preventing unauthorised access. All identities within the product are unique and assigned to individuals. The Genestack ODM product relies on role-based permissions, which allows the client's Genestack ODM administrator to configure the level of access to specific roles.
The product is also capable of generating secure unpredictable API tokens for secure programmatic access to Genestack ODM; these tokens can be revoked by the admin role within Genestack ODM.
The product has its own internal identity management solution, using the user's identity and a user-selected complex password. However, Genestack recommends that clients integrate with their identity and access management solution through, in order of preference, SAML authentication or OpenID Connect. This enables the client to enforce its authentication and access control policies onto the use of Genestack ODM.
The Genestack ODM product generates a time-stamped audit trail of platform activity. Detailed audit-trail reports are generated by Genestack on request.
Genestack policy and procedures require that its personnel are provided with onboarding and training for their job function. The records for this training are maintained and updated in line with these procedures. Genestack personnel are given training on our Information Security Management System (ISMS) and GCP awareness. Our Compliance and Security Working Group monitors and conducts internal audits to ensure our policy and procedures are complied with and reviewed regularly. Genestack ODM documentation is available to all users online and all specifications, requirements, and associated documentation is version- and change-controlled by Genestack within our electronic knowledge management system.
Our assessment based upon the requirements given by our customers is that the records within Genestack ODM do not need to be signed, and Genestack ODM does not support electronic signatures. We have taken a risk-based view that the accountability and non-repudiation requirements, which can be satisfied by electronic signatures, can be met through controls within Genestack ODM, from controls within the computing environment hosting Genestack ODM, and by integration with the client's IAM solution.
NEWS AND BLOG
More highlightsContact Genestack
To discuss your projects, challenges or to ask us any questions
