A Clindox Product

Security and compliance

Data security and compliance are the foundations of the system



CRFweb Complies with FDA 21 CFR Part 11 regulations and is independently audited. It also meets GCP (Good Clinical Practice) standards. We have utilised the CDISC ODM (Operational Data Model) as our default coding standard for all aspects of a clinical trial; both Transactional and Snapshot data extracts are available for all datasets. Snapshot and Transactional ODM files can be exported as either XML or .xls files or exported as a SAS Xport file. Our new offline data collection app, allows data to be collected safely offline and automatically synced when a secure connection is available.

Please note. The FDA does not issue compliance certification for clinical trial applications. It is down to the sponsor to demonstrate the guidelines have been followed. Naturally that necessitates using a system built with compliance in mind, so if your procedures are compliant the system will ensure your study is compliant.

How to prove a system is compliant? Best practice for this is to use an independent compliance specialist to perform an audit. CRFweb was last independently audited in March 2019. Details available on request.



CRFweb Security

We take security very seriously. The system was designed from the ground up with security and compliance in mind. We utilized the CDISC ODM (Operational Data Model) as our default coding standard. We comply with FDA 21CFA part 11 regulations and have been independently audited. We also meet the US Health Insurance Portability and Accountability Act (HIPAA), Cloud Security Alliance (CSA), GCP (Good Clinical Practice) Standards. To give confidential client data maximum security, we use the latest SSL 256-bit encryption technology.
We use servers based in Europe and the US for reliability, data transmissions use HTTPS and servers are managed with security best practices/standards including the following:
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
  • SOC 2
  • SOC 3
  • DOD CSM Levels 1-5
  • PCI DSS Level 1
  • ISO 27001
  • ITAR
  • FIPS 140-2
  • MTCS Level 3


CRFweb Articles