Compliance & Validation Support
Comprehensive compliance documentation and validation support materials for pharmaceutical companies deploying Biocore in GxP and HIPAA-regulated environments.
Request Compliance Documentation
Enterprise customers can request SOC 2 Type II reports, HIPAA BAA templates, validation documentation packages, and vendor qualification questionnaires.
SOC 2 Type II Report
Biocore maintains security controls aligned with SOC 2 Type II standards. Our security documentation is available for enterprise customers to support vendor qualification and security assessments.
Available Documentation:
- SOC 2 Type II audit report (available under NDA for enterprise customers)
- Security control documentation
- Penetration testing reports (summary available)
- Security assessment questionnaires
Request Process: Enterprise customers can request SOC 2 Type II reports by contacting hello@biocore.com. Reports are typically provided within 5-7 business days. A non-disclosure agreement (NDA) may be required.
HIPAA Business Associate Agreement (BAA)
Biocore provides HIPAA-ready infrastructure and Business Associate Agreements (BAA) for customers processing Protected Health Information (PHI). A BAA must be executed before any PHI is processed through the Services.
BAA Availability:
- HIPAA BAA template available for review and execution
- BAA includes required HIPAA Security Rule safeguards
- Breach notification procedures (within HIPAA-required timeframes)
- Subcontractor disclosure and Business Associate agreements
Request Process: Contact hello@biocore.com to request a BAA template. BAA execution typically completes within 3-5 business days.
Important: No PHI may be processed through the Services without a valid BAA in place. See our Terms of Service Section 6 for detailed HIPAA provisions.
21 CFR Part 11 Feature Matrix
Biocore Services are designed to support 21 CFR Part 11 compliance requirements. The following features are available to support electronic records and electronic signatures:
Available Features:
Audit Trails
Comprehensive logging of all system activities and data changes
Access Controls
User authentication, authorization, and role-based access management
Electronic Signatures
Support for electronic signature requirements where applicable
Data Integrity Controls
Mechanisms to prevent unauthorized data modification
Data Provenance Tracking
Complete lineage and history of data modifications
Record Retention
Configurable data retention policies
Detailed Specifications: Enterprise customers can request detailed specifications for audit trails, electronic signatures, and data integrity controls. Contact hello@biocore.com for detailed feature documentation.
Important: Biocore provides the tools and infrastructure to support compliance, but Customer must validate and operate the system in accordance with applicable regulations. See our Terms of Service Section 7 for detailed GxP and data integrity provisions.
System Validation Documentation Package
Biocore provides comprehensive validation documentation packages to support your GxP validation process. Documentation is designed to facilitate Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) protocols.
Documentation Package Includes:
IQ Protocols
Installation Qualification protocols and test scripts
OQ Protocols
Operational Qualification protocols and test scripts
PQ Protocols
Performance Qualification protocols and test scripts
Validation Summary Report
Template for validation summary reporting
System Documentation
Architecture, data flow, security controls documentation
Change Control Procedures
System update procedures and validation impact assessment
Request Process: Enterprise customers can request validation documentation packages by contacting hello@biocore.com. Documentation packages are typically provided within 7-10 business days.
Important: Customer is solely responsible for system validation. Biocore provides documentation to facilitate validation, but does not provide regulatory consulting or validation services. See our Terms of Service Section 7 for detailed validation responsibilities.
Audit Trail Specifications
Biocore provides comprehensive audit logging and monitoring capabilities to support compliance tracking and regulatory inspection requirements.
Audit Trail Capabilities:
- Comprehensive Logging: All system activities and data changes are logged
- User Identification: All actions are attributed to specific users
- Timestamp Precision: Timestamps recorded with appropriate precision for compliance requirements
- Action Tracking: All data modifications, deletions, and access attempts are logged
- Reason for Change: Change reason tracking where applicable
- Retention Period: Audit logs retained for minimum of 7 years for compliance purposes (GxP, HIPAA)
- Tamper-Evident Mechanisms: Audit logs are protected against unauthorized modification
- Export Capabilities: Audit logs can be exported for regulatory inspection purposes
Detailed Specifications: Enterprise customers can request detailed audit trail specifications, including logging format, retention policies, and export capabilities. Contact hello@biocore.com for detailed documentation.
Electronic Signature Specifications
Biocore provides support for electronic signature requirements where applicable, designed to support 21 CFR Part 11 Subpart C compliance.
Electronic Signature Capabilities:
- Signature Capture: Electronic signature capture mechanism
- Signature Information: Printed name, date/time, and meaning of signature captured
- Record Linking: Signatures linked to specific records and cannot be disassociated
- Tamper-Evident: Signatures protected against unauthorized modification
- Authentication: User authentication required before signature capture
Detailed Specifications: Enterprise customers can request detailed electronic signature specifications, including implementation details, compliance with 21 CFR Part 11 Subpart C, and signature capture mechanisms. Contact hello@biocore.com for detailed documentation.
Important: Customer is responsible for proper use of electronic signatures and adherence to applicable GxP, FDA, and domestic laws. See our Terms of Service Section 7 for detailed responsibilities.
Data Backup & Disaster Recovery
Biocore maintains comprehensive data backup and disaster recovery procedures to ensure data availability and business continuity.
Backup & Recovery Capabilities:
- Backup Frequency: Regular automated backups with configurable frequency
- Data Retention: Backup retention policies aligned with compliance requirements
- Disaster Recovery: Comprehensive disaster recovery procedures
- Recovery Time Objective (RTO): RTO specified in Service Level Agreement (SLA)
- Recovery Point Objective (RPO): RPO specified in Service Level Agreement (SLA)
- Business Continuity: Business continuity planning and procedures
Detailed Specifications: Enterprise customers can request detailed backup and disaster recovery specifications, including backup frequency, retention policies, RTO/RPO, and business continuity procedures. Contact hello@biocore.com for detailed documentation.
Service Level Agreement: Specific backup and disaster recovery commitments are detailed in the Service Level Agreement (SLA) provided with your Order Form. See our Terms of Service Section 1 for SLA definition.
Vendor Qualification Questionnaire (VQQ)
Biocore provides Vendor Qualification Questionnaires (VQQ) or equivalent documentation to support pharmaceutical vendor qualification processes.
Available Documentation:
- Standard Vendor Qualification Questionnaire (VQQ)
- Security assessment questionnaires
- Compliance documentation summaries
- System capability documentation
Request Process: Enterprise customers can request Vendor Qualification Questionnaires by contacting hello@biocore.com. VQQ documentation is typically provided within 5-7 business days.
FDA Inspection Support
Biocore provides reasonable cooperation and support during FDA inspections of Customer facilities, including system documentation, validation materials, and technical support.
Inspection Support Includes:
- Providing system documentation and validation materials
- Responding to FDA inquiries about system capabilities and compliance features
- Providing technical support during inspections (with advance notice)
- Maintaining audit logs and system documentation for inspection purposes
Inspection Support Process: Enterprise customers requiring FDA inspection support should contact hello@biocore.com with advance notice. See our Terms of Service Section 12 for detailed FDA inspection support provisions.
Change Control Procedures
Biocore maintains controlled change management procedures to ensure system updates are managed in a manner that supports customer validation requirements.
Change Control Process:
- Advance Notification: Minimum 30 days advance notice of system updates (managed hosting)
- Change Control Documentation: Change control documentation and validation impact assessments provided
- Rollback Procedures: Rollback procedures available if updates impact validated processes
- Validation Impact Assessment: Impact assessments provided for changes that may affect validated state
- Documentation Support: Documentation and guidance to support validation requirements per GxP
Detailed Procedures: Enterprise customers can request detailed change control procedures, including notification timelines, validation impact assessment process, and rollback procedures. Contact hello@biocore.com for detailed documentation.
Self-Hosted Deployments: Self-hosted deployments have different change control responsibilities. Customer has complete control over system updates and assumes full responsibility for validation and compliance. See our Terms of Service Section 8 for detailed deployment-specific responsibilities.