Rescop RC-QMS – Security and GDPR

  • Rescop meets the most extensive compliance standards
  • Rescop utilizes Microsoft’s Azure secure cloud services
  • Rescop’s platform and infrastructure undergo routine pen-tests and are monitored continuously by dedicated teams
  • Rescop complies with GDPR as a data processor in the provision of Rescop’s services to its customers

An Industry Standard

Rescop is the digital paperless pioneer in a GxP Compliance world. Founded in 2005, Rescop’s Quality Management Suite (RC-QMS) is used by companies worldwide, spanning all industries, platforms and sizes.

Hosting and Infrastructure

Rescop’s Software-as-a-Service (SaaS) solution is available for private clouds utilizing top-tier secure cloud services provided by Microsoft Azure.

Microsoft Azure

In a world where data breaches are daily occurrences and regulatory requirements for protecting data are increasing, it’s essential for organizations to choose a cloud service provider that makes every effort to protect customer data. Microsoft is committed to the highest levels of trust, transparency, standards conformance, and regulatory compliance. Microsoft’s broad suite of cloud products and services is built from the ground up to address the most rigorous security and privacy demands of its customers.

To help organizations comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft provides the most comprehensive set of compliance offerings (including certifications and attestations) of any cloud service provider.
https://www.microsoft.com/en-us/trustcenter/compliance

Compliance

Rescop is ISO 27001:2013 certified for Information Security and ISO 9001:2015 certified for Quality Management.

Penetration Tests and Monitoring

Rescop’s front-end and back-end applications, as well as its IT infrastructure, undergo routine annual pen-tests. This is done in addition to Microsoft’s own independent tests, periodic internal tests, and 24/7 monitoring of security-related events by dedicated teams.

Certifications and Accreditations

Security

ISO 27001 Information Security Certification

Rescop received the International Organization for Standardization Certification for Information Security (ISO 27001:2013). The audit evaluated Rescop’s information security management system from product, infrastructure and organizational aspects, and verified that Rescop has the necessary information security controls in place to ensure the confidentiality, integrity and availability of sensitive information assets.

Rescop’s alignment (as verified by a third-party assessment) with this internationally recognized code of practice demonstrates Rescop’s commitment to the privacy and protection of customers’ content. By following the standards of ISO/IEC 27001, Rescop demonstrates that its privacy policies and procedures are robust and in line with its high codes of practice, namely:

  • Rescop customers know where their data is stored.
  • Customer data won’t be used for marketing or advertising without explicit consent.
  • Rescop customers know what’s happening with their privacy data.
  • Rescop will comply only with legally binding requests for disclosure of customer data.

ISO 27032 Guidelines for Cybersecurity

Rescop complies with the ISO/IEC 27032 guidelines for cybersecurity. ISO/IEC 27032:2012 provides guidance for improving the state of cybersecurity, drawing out the unique aspects of that activity and its dependencies on the information security, network security, internet security, and critical information infrastructure protection (CIIP) domains. By complying, Rescop facilitates secure and reliable collaboration that protects the privacy of our customers and helps to prepare for, detect, monitor, and respond to cybersecurity incidents.

GxP Compliance

GxP is a general abbreviation for “good practice” guidelines and regulations. Technology systems that support GxP processes such as Good Laboratory Practices (GLP), Good Clinical Practices (GCP), and Good Manufacturing Practices (GMP) require validation and qualification of adherence to GxP requirements. Solutions are considered qualified when they can demonstrate the ability to fulfill GxP requirements.

RC-QMS GxP Compliance

Our fully web-based solution runs on common browsers and is cross-platform compatible, allowing use on any device type, including PCs, laptops, tablets and smartphones. Our solution will help you to establish and maintain a GxP-compliant and reliable IT infrastructure and application landscape for continuous business operations. The RC-QMS suite is developed according to GxP regulations and is fully tested before being delivered to customers in a pre-validated way.

Rescop’s quality management suite, RC-QMS, forms a comprehensive solution for quality and compliance management within regulated industries. It contains products for all key quality management processes, and these products have been designed to integrate seamlessly with each other, enabling an efficient and fully paperless quality management system.
RC-QMS is a full solution for ensuring permanent inspection readiness in an efficient way. Moreover, RC-QMS enables paperless validation and compliance.

Cloud GxP Compliance

Organizations building GxP solutions on Azure can take advantage of the cloud’s efficiencies while at the same time helping protect patient safety, product quality, and data integrity. Customers also benefit from Azure’s multiple layers of security and governance technologies, operational practices, and compliance policies to enforce data privacy and integrity at very specific levels.

The Azure GxP qualification guidelines give customers the tools they need to build on Azure’s security foundation by providing:

  • The shared responsibilities between Microsoft and Rescop for meeting GxP requirements
  • Documentation of the extensive controls implemented as part of Azure’s internal development of security and quality practices
  • Visibility into crucial areas of internal Azure quality management, IT infrastructure qualification, and software development practices
  • Descriptions of GxP-relevant tools and features within Azure

We are partnering with Azure to make cloud-based systems a safer, more efficient model for driving innovation and maintaining regulatory compliance.

For more information: https://aka.ms/gxpcompliance

Privacy – General Data Protection Regulation

Rescop complies with GDPR as a data processor in the provision of Rescop’s services to its customers. In addition, we are devoted to helping our customers with their GDPR compliance processes by providing robust privacy and security protections built into our services and contracts.
By default, Rescop does not collect personally identifiable information (PII) other than IP addresses in logs for security purposes, end-users’ approximate geolocation (country and city in which they are located) and masked IP addresses for the ongoing operation of the Rescop systems. Moreover, Rescop collects and transfers environment properties such as browser and OS, page URL, and title.

Operations and Access Control

Security Measures

  • All client files in RC-QMS are encrypted at rest.
  • All RC-QMS files are encrypted in transit.
  • Privacy information columns in the RC-QMS database are encrypted.
  • The RC-QMS security log records information about the user’s session, browser, agent, and external and internal IP addresses.
  • All RC-QMS servers are under change control.
  • All RC-QMS servers are under access control.
  • External backups are taken and stored encrypted on off-site servers.

Monitoring & Auditing

Intrusion Prevention and Detection

Rescop has an extensive Security Information and Event Management (SIEM) system that, using an Intrusion Detection System, collects security audit trail logs across infrastructure components in industry-standard formats (CEF and Syslog) for analysis and control.

Rescop’s SIEM alerts are based on comprehensive pre-defined scenarios, including identification of suspicious signs such as failed login attempts, logins from unknown and off-premise IP addresses or logins during off-hours.

SIEM alerts are monitored 24/7 by Rescop’s Security Operations Center (SOC) team. The SIEM prioritizes all alerts, notifies the SOC team in real time and escalates them according to severity.

Access Control

User Management and Permissions

Rescop’s platform has an integrated, comprehensive role-based user management and enforcement system.
Assigning roles to users requires authorization from the relevant parties in Rescop, and application permissions are granularly controlled per action and screen.

Rescop’s internal corporate access control is centrally and manually managed based on strict need-to-know and least-privilege principles on all levels: Application (strong authentication), Network (segmentation, firewall), Platform (access to servers), and Procedural (who is authorized to review/approve code, manage changes, etc.).

Internal duties within Rescop are segregated between R&D (code development), ITS (deployment), Support, and Security (security controls). Periodic access reviews are done by internal audit, including but not limited to firewall rules, user account permissions, etc.

Overall Conclusion

Rescop, as the developer of RC-QMS and backed by an uncompromising commitment to GxP, security and privacy, is trusted by companies worldwide. Rescop makes sure to comply with corporate, governmental and (inter)national regulations, maintaining and abiding by the strictest requirements, regulations and security measures at all levels – from its staff, through infrastructure and down to the finest details of its products and procedures.

Rescop has received the most demanding international certifications ISO 27001 and ISO 9001, and offers its customers the ability to enforce corporate governance internally, while providing an overarching security umbrella – hosting Rescop’s environments with top-tier cloud providers, actively monitoring customer security 24/7, and performing periodic pen-tests on Rescop’s platforms including IT infrastructure.

Rico R. van Zundert
Chief Information Security Officer

Rescop
“GxP compliance services and solutions”