Trust
DistillerSR has enterprise-grade security and compliance in place to safeguard your data and ensure optimal service availability.
Our Commitment
DistillerSR builds security, scalability, and availability into everything we do so you can focus on producing evidence-based research faster, more accurately, and more securely.
Visit our Trust Center for policies and reports on our security, privacy and compliance posture.
Compliance
- SOC 2 Type II reports available at our Trust Center.
- Adheres to FDA 21 CFR Part 11 and EU Annex 11 regulations.
- Adopted NIST AI Risk Management Framework, enabling us to govern the design, deployment, testing, verification, and validation of AI capabilities on our platform.
Platform Infrastructure
- Hosted on Amazon Web Services (AWS).
- Best-in-class security.
- High availability and highly redundant architecture for 99.5% uptime.
- Real-time monitoring.
- Regular penetration tests performed by independent third parties.
Development
- Agile product delivery for the software development lifecycle.
- Documented change management processes.
- GAMP5 risk-based approach to risk management.
Product Data Management
- 256-bit Advanced Encryption Standard (AES-256) for data at rest or in motion.
- Point-In-Time recovery restoring to any 5-minute interval.
- Auditable change log.
- Isolated data retrieval via Data Access Objects.
User Security
- Configurable password complexity and depth.
- Single Sign-On (SSO) and Multi-factor authentication (MFA) via your Identity Provider (IdP).
Privacy and Confidentiality
DistillerSR protects personal information and customer data by:
- Implementing extensive policy, network, and infrastructure security protections with respect to all information.
- Limiting the amount of personal information we collect from our customers and users.
- Training employees on our privacy and security programs and obligations to our customers.
- Strictly limiting access, disclosure, use, and transfer of customer data except at the direction of the customer or in accordance with contractual agreements.
- Using personal information only to provide services and never selling it to third parties.
- Retaining an external law firm to monitor changes in privacy law across the globe to ensure all required changes and updates are reflected in our privacy program.
- Requiring all DistillerSR employees, contractors, and other personnel to undergo criminal record and reference checks before they are hired.
- Requiring employees with Privileged Access to undergo criminal record checks every two years at a minimum.
For more information, please review our Privacy Statement.
Employees
DistillerSR maintains policies, standard operating procedures, and work instructions to communicate business processes and to align customer commitments with the security and privacy practices of employees and contractors.
- New employees must complete training on the quality management system, security requirements, and code of conduct in addition to role-specific training.
- Security awareness and data integrity training are performed annually to communicate updates to business and security requirements.