cornbio.health
DATA SAFE HARBOR
DATA SAFE HARBOR
Thank you for your time and consideration.
This is a "Homepage" I put together for the purposes of providing additional details for my request for a Syncfusion® Essential Studio Community License. Since "cornbio.health" is not intended to have it's own organization homepage (as described below), my plan was to delete this page upon approval or rejection. If this page is required to remain as a condition of the Syncfusion® Community License, please let me know and I will establish a permanent URL for this page.
cornbio.health is a domain associated with Google Workspace Enterprise Plus for use as a global De-identification & Secure Data Enclave for data collected in clinical trials conducted globally.
Using Google Workspace Enterprise Plus, cornbio.health's data collection pipeline and data storage policies have been designed to meet the obligations and standards of the following global laws, regulations, and consensus standards:
ISO/IEC 27001: Core information security management system (ISMS) certification.
ISO/IEC 27017: Cloud-specific security controls and implementation guidance.
ISO/IEC 27018: Protection of personally identifiable information (PII) in public clouds.
ISO/IEC 27701: Comprehensive privacy information management system (PIMS) standard.
ISO 9001: Quality management systems.
ISO 22301: Business continuity management.
ISO 42001: Artificial Intelligence management system (covering integrated Gemini Enterprise tools).
SOC 1, SOC 2, and SOC 3: Independent AICPA audits covering security, availability, confidentiality, and privacy.
PIPEDA (Canada): Fully conforms to The Personal Information Protection and Electronic Documents Act.
GDPR (Europe): Fully conforms to EU data protection rules via built-in Enterprise Data Regions and Client-Side Encryption capabilities.
BSI C5 (Germany): Attestation under the Federal Office for Information Security cloud computing framework.
ISMAP (Japan): Certified under the Information System Security Management and Assessment Program for government procurement.
IRAP (Australia): Audited against the Australian government's Information Security Manual
HIPAA (United States): Health Insurance Portability and Accountability Act compliance for medical data; a Business Associate Agreement (BAA) with Google has been established.
United States Code of Federal Regulations:
21 CFR Part 11:
§11.30 Controls for Open Systems.
§11.50 Signature manifestations.
§11.70 Signature/record linking.
§11.100 General requirements.
§11.200 Electronic signature components and controls.
§11.300 Controls for identification codes/passwords.
§820.22 Quality audit.
§820.25 Personnel.
§820.40 Document controls.
§820.100 Corrective and preventive action.
§820.22 Quality audit.
World Medical Association Declaration of Helsinki - Ethical Principles for Medical Research Involving Human Participants: compliance with the core duty of medical researchers to protect the privacy and confidentiality of personal information belonging to research participants.
A unique subdomain will be created for each trial, with public-facing "homepages" created as necessary. cornbio.health will retain ownership of all source code developed and license for projects developed using Syncfusion® components.