Florence has created a Shared Responsibility Model to outline clear delineations of responsibilities between us at Florence and our customers so we can accelerate cures together (and not get bogged down by grey areas). We keep this model up to date based on global regulations, alleviating any potential gaps in compliance that may arise from unclear roles and duties.
As a software provider, Florence ensures we have appropriate technical controls that align with global standards. Even with these technical controls in place, there are still key procedural controls that our customers need to manage to ensure records are submission-ready and in line with ALCOA standards.
21 CFR Part 11 compliance is essential to using Florence products for management of clinical trials. While Florence is fully compliant with all technical requirements of Part 11, our regulatory compliance does not stop there. Florence is also compliant with the technical controls of Annex 11 and similar global regulations. To ensure complete compliance with the regulatory requirements set forth in these regulations, customers need to have appropriate procedural controls in place.
Florence complies with the General Data Protection Regulation (GDPR) and the UK equivalent, ensuring that as a controller, processor, and trusted industry software vendor we have the appropriate controls in place. Florence utilizes AWS servers that are HIPAA compliant in the US, Germany and Australia. Customers are responsible for only using Florence in regions where Florence has a data center, or otherwise ensuring there aren’t any data localization laws in other regions before use. To support utilization of Florence around the world, Florence has a team dedicated to researching data localization requirements and determining how Florence can work with customers to comply.
Florence maintains an Information Security Program that aligns with industry standards, and has a current SOC 2 Type 2 report to demonstrate how our controls are operating. Customers need to ensure their organization upholds security standards and all authorized users follow these practices.