IT Support and Structure
At Smooth Drug Development, we pay special attention to data retention, access control and compliance requirements.
All systems are built according to the FDA recommendations for computerized systems used in clinical trials and the requirements of regulation 21 CFR Part 11, including:
- Availability of Standard Operating Procedures
- Records management
- Access control
- Availability of the audit trail
- Date and time stamps
- Security measures
- Data handling control
- Staff training
- Electronic records and signatures management
In 2021, the company passed a certification inspection for compliance with the requirements of ISO 27001:2013 "Information Security Management Systems" of the international company G-CERTI.
We use the most advanced server hardware, which allows us to maintain high performance of our work. To ensure smooth functioning of the network we deployed a distributed data storage, which allows us to continue our activities in case of failure of individual components of the system till the replacement or repair. Even physical destruction of one of our servers will not affect our work. In case of destruction of two or more storage centers, the term of recovery to an acceptable level of performance is less than 24 hours, to a normal level – up to 72.
A system of constant data synchronization allows our staff to work in the network, or remotely with a minimal risk of losing information. Working documents are available at various devices that allows you to combine flexibility with the highest level of protection.
To provide more flexible access to the information we provide employees with mobile devices. Device management system allows us to set security policies and safely control them.
We use electronic tools for team work to optimize the data flow and to help the team to work more comfortable and rapid.
To protect data from damage or loss, we use the modern and reliable software that allows us to make backup copies of data under the scheme GFS. For maximize availability, we use a best practice on a 3-2-1 approach to data protection: 3 – Maintain at least three copies of data and applications, 2 – Store backups on at least two different types of storage, 1 – Keep one of the backups in a different location. In addition to our backup servers the data is saved at the international Tier Level 4 data centers in real-time.
Reservation of broadband access
To maintain continuous operation of all our offices we implemented the principle of an independent duplication of broadband Internet access.
Installation and performance qualification
For a list of crucial software we perform validation of the software environment, installation and performance qualification that allows us to make sure that the software is installed and work properly.
To protect the information we use up-to-date antivirus software for file and email servers, workstations and mobile devices. For additional protection for mail servers we use proven spam filters.
To control access to our system, we use a system of dual user authentification, which enables repeatedly increase protection compared to conventional passwords.