ClinScriptum

Security and compliance baked into the architecture

ClinScriptum is engineered for the most demanding pharmaceutical environments. We align with ICH GCP, 21 CFR Part 11, GDPR, and SOC 2. Below is exactly how we protect your data.

GDPR-compliant hosting
GxP Audit Trail
Tenant isolation

International standards

Aligned with global compliance frameworks

Regional data residency

All customer data, including uploaded documents and metadata, is hosted in certified EU and US data centers. This ensures GDPR alignment and supports HIPAA-grade controls for healthcare data.

Enterprise certifications

ClinScriptum operates under SOC 2 Type II controls, aligns with ISO 27001, and supports the requirements of 21 CFR Part 11 for electronic records and signatures used in regulated environments.

Confidentiality and trade secrets

We treat your data as your most sensitive asset. Our architecture and contractual commitments ensure strict confidentiality. Your data is never shared with third parties and never leaves your isolated tenant environment.

Industry standards

Built for GxP

Audit Trail

Every GxP-relevant action — from uploading a document and editing a fact to suppressing an audit finding — is recorded automatically and immutably. The system captures 'who', 'what', and 'when', delivering full traceability for internal QA and regulatory inspections.

Role-based access control (RBAC)

A flexible roles model (Medical Writer, QA, Manager) lets you fine-tune permissions. Users see and act only on what their role allows, preventing unauthorized changes and enforcing separation of duties.

Validation-ready

We understand the importance of computerized system validation. For Enterprise customers we provide a validation pack template that helps your QA group qualify the platform efficiently (IQ/OQ/PQ).

audit_log.txt
[2026-01-22 09:14:32] USER: jdoe@pharma.com
[2026-01-22 09:14:32] ACTION: DOCUMENT_UPLOAD
[2026-01-22 09:14:32] FILE: protocol_v2.3.docx
[2026-01-22 10:45:18] USER: aroberts@pharma.com
[2026-01-22 10:45:18] ACTION: FINDING_SUPPRESS
[2026-01-22 10:45:18] REASON: False positive
[2026-01-22 11:22:05] USER: bmiller@pharma.com
[2026-01-22 11:22:05] ACTION: ROLE_CHANGE
[2026-01-22 11:22:05] DETAILS: Writer -> QA

A reliable, secure architecture

Multi-tenant data isolation

Our platform isolates customer data at the database layer (schema-per-tenant). Each customer's data is physically and logically separated, eliminating any possibility of cross-tenant access.

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using modern algorithms applied at the disk and database levels.

Backups and recovery

We perform regular automatic backups with Point-in-Time Recovery, keeping your data resilient against failure or loss.

Hardened infrastructure

Our infrastructure follows security best practices, including DDoS protection, regular vulnerability scanning, and strict access controls.

How we use Artificial Intelligence

1. Data privacy comes first

We use only private deployments of language models or secured APIs from vetted enterprise providers. Your data is never used to train public models.

2. The user always stays in control

AI acts as an assistant, not as the decision-maker. It proposes options (such as a simpler phrasing), but the final decision and approval always rest with you.

3. Determinism and GxP

For business-critical tasks we use a 'dual-control' approach: AI output is cross-checked against deterministic business rules. Every AI action is logged in the Audit Trail.
