Climedo’s goal is to delight customers with ease of use and to ensure secure data processing at the same time. Therefore, we are continuously guided by industry-specific standards, which are required for software to be used in the field of clinical trials.
Climedo works according to the resulting requirements based on a quality management system (QMS) consisting of internally valid standard operating procedures (SOPs) and work instructions. The QMS is supplemented by templates for situational use in order to constantly strive to maintain the software’s quality. The QMS’s guiding principle was the ISO 9001:2015 standard, which has been supplemented by various building blocks (such as some aspects of BSI 200-2) and governs our internal workflows.
Our working principles are further aligned with relevant standards and guidelines such as ICH GCP (E6), the 2022 renewed ISPE guideline GAMP5 (specifically CSV) and EU GMP Annex 11 (“computerized systems”). Our risk-based approach and software development process follow an agile implementation of the “V-model” according to GAMP5 (2022) and are validated according to the requirements and the resulting risks. We are further audited regularly by (pharma) customers as well as external reviewers.
We also keep an eye on the American requirements of the FDA, which manifest themselves in 21 CFR (Part 11) and HIPAA. Here, we try to support our customers in using our software in compliance with the respective requirements. If you have additional validation needs in terms of FDA-based requirements, EU/EMA directives or GxP, please contact us. We regularly conduct research on new EU legislation and critically discuss our development in this context.
Of course, as an EU-based company, we are also compliant with the requirements introduced and stated by the GDPR. Data protection is a key principle for us, which is why we not only provide our customers with an up-to-date data processing agreement, but also regularly raise our employees’ awareness of the issue by means of requiring training on internal data protection guidelines. We also have a data protection concept and an internal security concept for our software. Both concepts are further improved by regular penetration tests (PEN) and data protection audits.