A Trusted Partner
At Saama, we are committed to setting and maintaining a high standard of quality, compliance, and security for our vendors, partners, and customers.

ISO 27001
Saama has achieved ISO (International Organization for Standardization) 27001 certification for our Information Security Management Systems (ISMS) to ensure the confidentiality, integrity, availability and privacy of customer data.
ISO 27001 is a globally recognized security standard that provides guidelines for the policies and controls an organization should have in place to secure its data. The standard sets out internationally agreed-upon requirements and best practices for a systematic approach to the development, deployment, and management of a risk/threat-based information security management system.
Quality Management & Regulatory Compliance
Saama is committed to continuously improving quality within the global regulatory landscape. We maintain a robust and inspection-ready Quality Management System (QMS) supported by policies and procedures to ensure that our software products and services are developed, implemented, and maintained in a manner that meets regulatory compliance and the needs and expectations of our clients. Saama’s QMS is verified through internal audits and compliance assessment reports against ICH E6, 21 CFR Part 11, EU Annex, HIPAA, and relevant state laws, as applicable.
Saama’s risk management activities are performed throughout the project/software development lifecycle, beginning with software product concept, and continuing through to the delivery of the software to our customers, keeping data accuracy, privacy, bias mitigation, and transparency at the forefront of everything we do.
Data Privacy
We at Saama take stewardship of the patient data we’ve been entrusted with very seriously. Saama is committed to positive accountability for how we protect your sensitive clinical trial data anywhere on our platform. Privacy protection is built into the entire product and services lifecycle at Saama. Please refer to Saama’s privacy policy for additional information.
General Data Protection Regulation (GDPR) – EU
At Saama, we have a GDPR compliance program and enter into standard contractual clauses through data processing agreements. Saama’s GDPR program includes comprehensive reviews of business processes, systems and practices that interact with personal data.
Saama, as a Data Processor, collects and stores the minimum of personal data, only as instructed by our customers (the Data Controller), for the purpose of delivering Saama’s services in line with Data Processing Agreements (DPAs).
HIPAA Compliance
Saama is HIPAA-compliant as a Business Associate and complies with both the Privacy Rule and the Security Rule.
Saama supports customers that are subject to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations as amended by the regulations promulgated pursuant to the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (collectively, “HIPAA”). Under HIPAA, companies have obligations to meet certain privacy and security standards with regard to Protected Health Information (“PHI”).
For any inquiries regarding PHI, HIPAA, security, or privacy, please contact [email protected].
Information Security
Data security is paramount for Saama and our customers. Saama protects customer data with world-class physical, network, application, and data-level security. In addition, Saama invests in the most advanced and modern infrastructure available to provide an innovative, scalable, global, predictable, and secure environment.
Saama is committed to ensuring that our services are available for operation and use at the times set forth in service-level agreements, that they are protected against unauthorized physical and logical access – including biometric entry authentication and 24/7/365 onsite monitoring – and that our system processing is complete, accurate, timely, and authorized.
Security Controls
Saama has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk to the data. The following are general examples summarizing the controls implemented:
- Data at rest encryption: strong data encryption (AES-256) during storage, with transparent encryption used where applicable.
- Data in transit: data is secured with SSL/TLS 1.2. A provision exists to enable a custom cipher/encryption-key mechanism for client-side encryption.
- Confidentiality: LSAC leverages AWS infrastructure and has the capability to ensure ongoing confidentiality through system security features such as role-based access for infrastructure components/services, the application data store, and the application view layer. Role-based access can be configured based on functional roles, geographical locations, departments, and various other parameters.
- Data integrity: robust authentication mechanisms; LSAC supports SAML, OAuth, and LDAP authentication and provides seamless single sign-on in accordance with our customers’ corporate security standards.
- Audit Trail & Logs: Audit trail and usage logs are available to track and analyze access patterns.