GxP Compliant Archive
GxP Compliant Archive
Digital archive compliance is complex. Complying doesn’t have to be. Arkivum’s compliance features provide peace of mind and help your sensitive digital records and data be permanently inspection-ready.
Wide range of features to support regulated customers including audit trails
Each major release undergoes Computer Systems Validation (CSV)
Quality Management at the heart core of Arkivum
Secure Regulated Long-Term Data Storage
Highly regulated long-term data is at constant risk of inspection. Critical findings can cause significant and costly delays to commercial operations and negatively impact relationships with regulators.
As regulations evolve and inspector’s expectations shift, it’s critical to have a solution which supports organisational inspection readiness and preparedness.
A well-maintained digital archive, with a complete suite of regulatory features, will not only derisk negative inspection findings but significantly reduce the amount of time and effort that it takes to prepare your data prior to an inspection.
The Arkivum solution has an array of features to support regulated organisations in complying with their retention requirements (e.g. EU CTR, FDA CFR 21 Part 11 & ICH E6(R3)). This ranges from ensuring data is protected within the archive to capturing a complete audit log of actions taken by users within the archive.
The Arkivum solution has been developed in line with regulations in mind
Features include:
- Data is fully encrypted while it remains within the archive
- Data immutability to ensure content cannot be modified within the archive.
- Capture complete audit trails of who has accessed or downloaded content within the archive
- Retention rules can be applied to any dataset to notify users of expiration. It is also possible to apply legal holds to any records with an associated retention rule if required.
- Managed access controls for users. This includes the creation of temporary users such as providing access for inspectors during an audit. Optional single sign-on (SSO) capability is available if required.
- Each major release is validated to support GxP customers. This includes the release of associated validation packs.
- Arkivum is also certified in ISO 9001 and 27001. You can access the certifications here.
See all these features in action by clicking through our guided demo below.
Data Archive Regulatory FAQs
How do I access the audit trail?
The audit trail report is viewable directly within the system and can also be exported if required. It is also possible to view audit information for individual files within the system, in the file view.
What information is captured within the audit log?
The audit logs capture all user actions within the system including which records have been viewed, any changes that are made and upload/export actions.
Can I import my existing audit trail into the Arkivum system?
Yes, it is possible to import an existing audit trail into the Arkivum system and for it to appear within the system’s audit log. It is also possible to store the audit trail separately if preferred.
What security do you have in place to protect my data?
Arkivum provides a secure software solution that is hosted in AWS. All users are required to authenticate, either using local accounts or via SSO integration, which can support Azure AD, Okta and a range of other SAML2 or OpenID Connect options. MFA is supported for local accounts or via SSO integration.
All users are also assigned to roles and groups that authorise what data they can access, what functionality they can use, and whether their actions such as ingest, export or deletion require approval by other users before they are executed.
The solution is deployed in AWS and follows AWS security best practices, for example by using VPNs, Security Groups, Load Balancers and firewalls to partition the solution and control access.
Security is an integral part of Arkivum’s Software Development Life Cycle (SDLC) and is included in Arkivum’s ISO 27001 and 9001 policies and procedures (SoPs) within our Quality
Management System (QMS). This includes security by design, internal peer review, automated code analysis, Computerised Systems Validation (CSV) that the software solution meets security requirements and regular penetration testing.
Arkivum’s approach to security is audited regularly (ISO 27001, 9001 and GxP audits by customers).
Please contact us for more information.
How does your system support GDPR compliance?
A Data Protection Agreement is part of the Arkivum contract. Arkivum’s QMS includes a Data Protection Policy and Arkivum staff are trained in Data Protection requirements. Arkivum is also registered with the UK ICO.
When Arkivum makes use of third parties as sub-processors, for example, cloud infrastructure providers such as AWS, Arkivum ensures these third parties also meet Data Protection requirements. Customer data is processed and stored in specific and known AWS locations that are agreed upon with customers to meet customer constraints on where their data is allowed to be processed, for example, if there are constraints that data should always remain within the EU. Full details of our privacy policy are available.
Can you set retention policies for records and files?
Yes, it is possible to set retention policies in place within the systems. It is also possible to place legal holds on these periods if required.
Can you edit documents in the archive?
To support data immutability, it is not possible to edit documents within the archive.
Depending on a user’s access level, they may be able to edit metadata or export a file to edit if required. These actions would all be captured within the audit trail report within the system.
Can Arkivum delete files for us?
Arkivum won’t delete your files routinely, this will need to be performed by users with the correct permissions as part of the controlled deletion workflow. Arkivum does provide a decommissioning service, whereby your system and all data will be removed and a certificate of deletion issued.
Do you support Two Factor Authentication (2FA)?
Yes, Arkivum supports 2FA as standard.
Do you support Single Sign On (SSO)?
Yes, Arkivum supports SSO.
