ClinSoft focuses its attention to the provision of information security and assurance that everyone is responsible for the security of information within the Company. Information Security Policy of the Company sets rules, policies and procedures designed to ensure all end users, technologies, media, databases, systems and networks within the Company meet information technology security and data protection security requirements. The Policy statements incorporate also the US Food and Drug Administration (FDA) and European Medical Agency (EMA) laws and regulations, as well as requirements of the Health Insurance Portability and Accountability Act (HIPAA) that stipulate the protection of sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Information Security Policy covers a wide spectrum of related rules and procedures, including:
- Employee requirements, as individual data users that are responsible for the security of all data, which they receive in various forms, proper usage of corporate assets (e.g. hardware and software) and retention on ownership.
- Regulation of prohibited activities, such as crashing of information systems, unauthorised access of confidential or sensitive information, copyright violations, use of Company information resources for personal profit, harassment, etc.
- Reporting of software malfunctions and/or security incidents on a continuous bases by all employees and contractors of the Company to the appropriate supervisors or security staff.
- Access, usage, backup and transfer of software and confidential and sensitive information/data, including personal information and/or personal health information, in accordance with the special strictly regulated conditions.
- Confidentiality Agreement or Non-Disclosure Agreement is signed by users of Company information resources, as a condition for employment or subcontracting.
- Access control systems are maintained to protect information resources, such as passwords, encryption, constraint user interfaces, etc.
- Malicious code and software vulnerabilities policy ensures performance of systematic process of identifying, quantifying, and prioritizing the vulnerabilities in the Company software, installing antivirus software and compatibility checks of new software with existing software and network configuration.
- Hardware security protection practices via virus protection software, firewalls and virtual private network (VPN) usage, security locks, etc.
- Change management policy ensures that the Company tracks changes to networks, systems and workstations.
- Audit controls policy ensures implementation of technical mechanisms that trach and record computer activities and signal security violations occurred.
- Data integrity policy ensures operation of appropriate electronic mechanisms to corroborate that personal information or the database with the study specific information has not been altered or destroyed in an unauthorised manner.