TriloDocs processes submission-critical clinical study data. Our compliance programme is independently certified, continuously monitored through internal audit checks, and covers the frameworks that matter to regulated pharma environments.
All certifications are maintained through continuous control monitoring via internal audit checks. Certificates and full audit reports are available to enterprise customers on request.
Information Security Management System — independently certified. Full scope covering infrastructure, applications, and all systems involved in delivering the TriloDocs service.
● CurrentSecurity, Availability, and Confidentiality trust service criteria — Type 2 report covering design and operating effectiveness over a 12-month audit period.
● Current · Type 2Annual third-party web application penetration test. All findings from the most recent engagement have been remediated and independently confirmed closed.
● Annual cadenceAll documents are active, version-controlled, managed through internal audit checks, and reviewed on a defined cadence. Enterprise customers may request copies under NDA.
These are not policy commitments alone — they are enforced at the infrastructure and architecture level.
All production systems processing client data are hosted in AWS eu-west-2 (London). Clinical study data does not leave the UK region.
Encrypted in transit (TLS 1.2+) and at rest (AES-256). No unencrypted data paths exist in the production environment.
MFA enforced across all production access. Access rights reviewed regularly and revoked immediately on offboarding.
Clinical study data is never used for model training or improvement. Contractually enforced with all sub-processors handling client data.
All third parties that may process client data are security-assessed prior to approval and operate under a Data Processing Agreement or equivalent safeguard.
Clinical data is retained for the duration of the engagement only and deleted securely on contract conclusion or on request.
For enterprise customers, QA leads, and security teams evaluating TriloDocs. SOC 2 reports and policy documentation are available under NDA.