Privacy and security are foundational
We are committed to building partnerships by providing reliable and secure cloud services
Data privacy and data security are critical for the biopharmaceutical industry that Vineti supports. We protect our customer data and IP with best-in-class physical, network, application, and data-level security. Our focus on building rigorous and advanced infrastructure stems from our deep commitment to ensuring reliability, privacy, predictability, and scalability for our valued customer partnerships.
Our customers are the data controllers; Vineti is the data processor. Our customers have full control of their proprietary data entered into the platform. Vineti uses Amazon Web Services (AWS) as its primary cloud infrastructure provider, enabling all of Vineti’s customers to scale safely. Vineti regularly performs internal penetration and vulnerability testing, as well as regular tests by an independent third party to ensure that the platform is secure.
Our commitment is to ensure our services are available for operation and use at times set forth in service-level agreements, protected against unauthorized physical and logical access, and that our system processing is complete, accurate, timely, and authorized. 100% of Vineti’s production infrastructure is continuously replicated to a second geographic location, ensuring high availability, and rapid disaster recovery.
Vineti’s industry-leading compliance program
Patient privacy is of paramount importance to Vineti, especially as a standard-setting cloud provider for our industry. Vineti has in place the physical, network, and process security measures to ensure ongoing HIPAA Compliance and have received Avertium’s (formerly Sword & Shield) certification as HIPAA Compliant, its highest rating.
Good Automated Manufacturing Process (GAMP® 5) is guidance issued by the International Society for Pharmaceutical Engineering (ISPE). That guidance, GAMP® 5: A Risk-Based Approach to Compliant GxP Computerized Systems, provides compliance and validation standards for computerized systems supporting the industry. Vineti adheres to these standards and practices in the specification creation, verification, and testing processes.
The General Data Protection Regulation (GDPR) is a European Union (E.U.) regulation that took effect May 25, 2018, with the intent to simplify and harmonize data protection laws in E.U. Member States. Vineti has comprehensively evaluated GDPR requirements, is committed to providing privacy and security practices to ensure compliance for all customers operating and/or based in the E.U. and has been formally evaluated for GDPR compliance by Avertium (formerly Sword & Shield).
Vineti is certified under the U.S./E.U. and U.S./Switzerland Privacy Shield Frameworks to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
Vineti enables our customers to meet FDA and EMA compliance of therapeutic delivery of Personalized Therapies. Up-to-date on the quickly evolving guidelines provided globally, Vineti makes each customer’s supply chain operations safer and more reliable. Vineti is an independent commercial supply chain solution that has been reviewed by the FDA as part of a personalized cell therapy product review and approval. This means our customers can trust that using Vineti will provide a more streamlined regulatory review and inspection.
Vineti maintains a SOC 2 type 2 certification, covering the security, availability, and privacy trust principles. And, as a SaaS provider to healthcare customers, Vineti is a member of the Healthcare Information Sharing and Analysis Center (H-ISAC).