Security and Compliance
Security
At Mayet, we take security seriously. Neyts, our Tech Lead, previously launched a security app for Macs and helps run a local security conference. We stay on top of the latest best practices and apply them rigorously to maintain and enhance the security of our systems:
- Mayet is hosted by Heroku, a world-class hosting provider with a proven security track record. Single-tenant and on-premise deployments are available for enterprise clients.
- All data is encrypted in transit and at rest, with keys managed by our storage provider, Heroku. For highly sensitive studies, we can offer application-level encryption and/or key management by the client.
- Our codebase maintains a near 100% test coverage as part of our robust quality assurance measures.
- The API is served by Pyramid, a battle-tested framework used by large corporations around the world.
- We stay ahead of potential vulnerabilities by subscribing to security newsletters and conducting quarterly scheduled version bumps.
- An automated daily check runs on every computer to verify that their system is secure.
- We welcome the security community to responsibly disclose any potential issues.
Found a security issue? Please read our responsible disclosure or send us an encrypted email.
Compliance
At Mayet, we understand the importance of staying abreast of evolving standards and regulations in the clinical research industry. We continuously improve our software solutions to ensure they remain at the forefront of regulatory compliance, providing peace of mind for our clients so they can focus on advancing the boundaries of medical science.
In security, it's often hard to simply trust someone's word. We understand that demonstrating our adherence to regulations and standards is critical. This is why we've undertaken the independently verified National Cyber Security Centre's Cyber Essentials Plus certification.
Our Commitment to Compliance in Clinical Research
At Mayet, we recognise the crucial role that data security, integrity, and privacy play in clinical research. We're committed to delivering cutting-edge, reliable software solutions that meet your research's functional needs and adhere to global regulatory standards.
Our solutions are meticulously designed to ensure compliance with a wide range of regulatory requirements:
- CFR Part 11: We understand the importance of securing electronic records and signatures. Our software guarantees data accuracy and includes comprehensive audit trails, system validations, data backups, and secure user access.
- Good Clinical Practice (GCP): Our solutions prioritise the protection of trial data and accuracy of information required for the Trial Master File, protecting the rights and well-being of patients and maintaining the integrity of research data.
- Health Insurance Portability and Accountability Act (HIPAA): Patient confidentiality and data security are fundamental to our systems. While our systems do not currently handle patient data, all patient data will be managed in accordance with stringent HIPAA regulations.
- General Data Protection Regulation (GDPR): For research in or involving the European Union, we ensure the highest standards of data protection and privacy in compliance with GDPR.
- ICH E6(R2) Guidelines: Our solutions incorporate a risk-based approach to data quality management, supporting the quality and compliance of every clinical program we support.
Ensuring System Reliability Through Validation
Our robust Computer System Validation (CSV) process confirms our software's capability and reliability for its intended use. The validation process includes User Requirement Specifications (URS), Functional Requirement Specifications (FRS), Design Specifications (DS), and rigorous testing (IQ/OQ/PQ), all supported by thorough documentation.
Data Integrity
We ensure that our data is "ALCOA" - Attributable, Legible, Contemporaneously recorded, Original or a true copy, and Accurate.
Contact Us
For more information, please use the contact form or send us an encrypted email.