Common use of Data Security and Confidentiality Clause in Contracts

Data Security and Confidentiality.

A. NPRQI Program has contracted with Clario (formerly known as BioClinica) to host all confidential data, performance dashboard, and de-identified aggregate performance dashboards of Participant Organizations.

B. Clario’s Trial Application Platform (TAP) is a 21 CFR Part 11 and European Union General Data Protection Regulation (GDPR) compliant, cloud-based clinical trial support system utilizing industry-standard encryption technology, and employing Standard Operating Procedures governing the handling of trial-related data (e.g., PHI and Patient Safety Work Product (PSWP)) through the full program lifecycle.

C. Data is encrypted pursuant to current standards from the National Institute of Standards and Technology (256-Bit encryption) while in transit (when files are uploaded or downloaded) over HTTPS. Data is encrypted at rest (in Amazon Web Services RDS databases) utilizing 256-Bit encryption as well. (NIST: ▇▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/detail/sp/800-175b/rev-1/final).

D. User authentication is managed through Active Directory Federation Services (ADFS), Virtual Private Tunnels between servers, and leverages Single Sign-On (SSO) and Active Directory (AD) services.

E. TAP’s architecture is designed to ensure that only authorized users may trigger operations (e.g., create, edit, delete records, etc.) within the system. TAP’s security posture includes full system monitoring to detect potential user and system anomalies, with business continuity and disaster recovery capabilities that span a geographically dispersed cloud network to minimize the risk of catastrophic failure.

Appears in 4 contracts

Sources: Participant Organization Agreement, Participant Organization Agreement, Participant Organization Agreement