Compliance

Policies & Regulatory Alignment

Elevora RWE is committed to maintaining the highest standards of data security, privacy, and regulatory compliance. The following outlines our posture across key frameworks.

21 CFR Part 11

FDA Electronic Records & Signatures

Version 1.2Effective January 15, 2026

Elevora RWE systems and processes are designed to support 21 CFR Part 11 compliance for electronic records and electronic signatures used in FDA-regulated activities. Our audit trails, access controls, and data integrity measures align with FDA expectations for clinical and regulatory submissions.

  • Secure, tamper-evident audit trails for all data access and changes
  • Role-based access controls with unique user identification
  • Validation documentation and standard operating procedures
  • System time stamps and version control for electronic records

HIPAA

Health Insurance Portability & Accountability Act

Version 2.0Effective March 1, 2026

We align with HIPAA requirements for the protection of Protected Health Information (PHI). Our platform implements administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of health data.

  • Business Associate Agreements (BAAs) available upon request
  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access logging and minimum necessary access principles
  • Employee training and workforce security procedures

GDPR

General Data Protection Regulation

Version 1.5Effective May 25, 2026

Elevora RWE respects the privacy rights of individuals under the GDPR. We process personal data lawfully, transparently, and for specified purposes. Data subjects can exercise their rights through the contact channels provided below.

  • Lawful basis for processing documented per engagement
  • Data subject rights: access, rectification, erasure, portability, and objection
  • Data Processing Agreements (DPAs) available upon request
  • Breach notification procedures and cross-border transfer safeguards

SOC 2 Type II

Service Organization Control 2

Version 3.1Effective December 1, 2025

Our platform is designed and operated under a control framework aligned with SOC 2 Trust Services Criteria for security, availability, and confidentiality. We undergo regular third-party audits and maintain documentation to support customer due diligence.

  • Third-party SOC 2 Type II audit reports available under NDA
  • Continuous monitoring and incident response programs
  • Change management and secure software development lifecycle (SSDLC)
  • Vendor risk management and subservice organization oversight

Legal Notice

The information on this page describes our intended compliance posture and is provided for informational purposes. Specific representations, certifications, and audit reports should be requested through formal due diligence channels. Please contact your Elevora account representative or reach out via our Contact page for compliance documentation.