Trust

Compliance

• SOC 2 Type II reports available at our Trust Center.
• Adheres to FDA 21 CFR Part 11 and EU Annex 11 regulations.

Platform Infrastructure

• Hosted on Amazon Web Services (AWS).
• Best-in-class security.
• High availability and highly redundant architecture for 99.5% up-time.
• Real-time monitoring.

Product Data Management

• 256-bit Advanced Encryption Standard (AES-256) for data at rest or in motion.
• Point-In-Time recovery restoring to any 5-minute interval.
• Auditable change log.
• Isolated data retrieval via Data Access Objects.

User Security

• Configurable password complexity and depth.
• Single Sign-On (SSO) and Multi-factor authentication (MFA) via your Identity Provider (IdP)

Privacy and Confidentiality

• Implementing extensive policy, network, and infrastructure security protections with respect to all information.
• Limiting the amount of personal information we collect from our customers and users.
• Training employees on our privacy and security programs and obligations to our customers.
• Strictly limiting access, disclosure, use, and transfer of customer data except at the direction of the customer or in accordance with contractual agreements.
• Using personal information only to provide services and never selling it to third parties.
• Retaining an external law firm to monitor changes in privacy law across the globe to ensure all required changes and updates are reflected in our privacy program.
• Requiring all DistillerSR employees, contractors, and other personnel to undergo criminal record and reference checks before they are hired.
• Requiring employees with Privileged Access to undergo criminal record checks every two years at a minimum.
• Undertaking annual external SOC 2 Type II audits to ensure we maintain a high degree of compliance with our programs.
• Conducting regular penetration tests performed by independent 3rd parties.

For more information, please review our Privacy Statement.