Security and Compliance

How Mayet protects customer data, and the regulatory standards our products are built to meet.

Trust at Mayet

Security

Mayet's security posture is led by our CTO, Neyts Zupan, who co-founded Pareto Security, a device compliance tool, and helps run BSides Ljubljana, a community security conference. Our practices are applied consistently across every product and every environment we operate.

  • Our products run on enterprise-grade cloud infrastructure with a proven security track record. Single-tenant and on-premise deployments are available for enterprise clients.
  • All customer data is encrypted in transit and at rest. For studies with elevated sensitivity, we offer application-level encryption and customer-managed keys.
  • Our codebase maintains near 100% automated test coverage. Continuous integration blocks regressions before any change reaches production.
  • Dependencies are upgraded on a quarterly schedule, with out-of-band patches issued for any high-severity disclosure.
  • Every workstation that touches our infrastructure runs an automated daily check against our internal security baseline.
  • We invite the security community to responsibly disclose any issues they identify in our products.

If you have identified a potential security issue, please review our responsible disclosure policy or send an encrypted email.

Compliance

The regulatory frameworks that govern clinical research, including 21 CFR Part 11, ICH E6(R3), EudraLex Annex 11, and GDPR, inform Mayet's software architecture from the data model upward. Compliance is treated as a design constraint, not a feature added after release.

To provide independent assurance of our technical controls, Mayet holds the National Cyber Security Centre's Cyber Essentials Plus certification, audited by an accredited third party.

Cyber Essentials Plus

An independently audited UK government-backed certification covering technical controls across firewalls, secure configuration, user access, malware protection, and patch management.

Regulatory alignment

Our products are designed to support the regulatory requirements that govern clinical research:

  1. 21 CFR Part 11. Electronic records and signatures are protected through comprehensive audit trails, system validations, controlled user access, and tamper-evident storage.
  2. Good Clinical Practice (GCP). Trial data and the records required for the Trial Master File are preserved with the integrity expected by regulatory inspectors, safeguarding patient rights and the accuracy of research data.
  3. EU GDPR and UK GDPR. For research conducted within or involving the European Union and United Kingdom, our products implement the data protection and privacy controls required by the regulations.
  4. ICH E6(R3) Guidelines. A risk-based, fit-for-purpose approach to data quality management, aligned with the latest revision of the ICH GCP guideline.
  5. EudraLex Annex 11. Validation, change control, and operational integrity practices that meet European Union expectations for computerised systems used in GxP-regulated activities.

Data integrity

Mayet upholds the ALCOA principles for data integrity: records are Attributable, Legible, Contemporaneously recorded, Original (or a true copy), and Accurate.

Contact

For security and compliance enquiries, please use the channel most appropriate to your request: