Global Compliance, A Shared Responsibility

Compliance is a shared responsibility between Florence and our customers. Florence interprets the technical and procedural requirements of applicable global regulations so that our customers can have time back in their day to focus on research.

Florence has created a Shared Responsibility Model to outline clear delineations of responsibilities between us at Florence, and our customers so we can accelerate cures together (and not get bogged down by grey areas). We keep this model up to date based on this global regulations, alleviating any potential gaps in compliance that may arise from unclear roles and duties.

As a software provider, Florence ensures we have appropriate technical controls that align with global standards. Even with these technical controls in place, there are still key procedural controls that our customers need to manage to ensure records are submission ready and in line with ALCOA standards. 

Regulatory Compliance

21 CFR Part 11 compliance is essential to using Florence products for management of clinical trials. While Florence is fully compliant with all technical requirements of Part 11, our regulatory compliance does not stop there. Florence is also compliant with the technical controls of Annex 11 and similar global regulations. To ensure complete compliance with the regulatory requirements set forth in these regulations, customers need to have appropriate procedural controls in place. 


Florence complies with the General Data Protection Regulation (GDPR) and the UK equivalent, ensuring that as a controller, processor, and trusted industry software vendor we have the appropriate controls in place. Florence utilizes AWS servers that are HIPAA compliant in the US, Germany and Australia.  Customers are responsible for only using Florence in regions where Florence has a data center, or otherwise ensuring there aren’t any data localization laws in other regions before use. To support utilization of Florence around the world, Florence has a team dedicated to researching data localization requirements and determining how Florence can work with customers to comply.


Florence maintains an Information Security Program that aligns with industry standards, and has a current SOC 2 Type 2 to demonstrate how our controls are operating.  Customers need to ensure their organization upholds security standards and all authorized users follow these practices. 

If you have any questions related to Florence’s compliance, GDPR practices, data security, data privacy, and/or Privacy Policy, please contact us at

“At Florence we believe in shared responsibility because we recognize we all play a significant role in protecting customers’ and study participants’ data and privacy. Florence does extensive research into global regulations affecting clinical trial documentation,  monitoring, data transfer and storage.  Armed with that information, we can provide solid guidance to our customers so that they can best leverage the Florence resources towards critical clinical trials in their global venues.”

Nancy DiGioacchino
VP, Quality Mgt and Global Compliance


Rated #1 by sites on G2 for ease of use, ease of setup, and customer support


Sites activated on the platform


Countries connected


Site adoption rate


Reduction in site workload


Million workflows per month

Get the Checklist