Compliance & Trust You Can Rely On.
Since 2019 we have enabled global enterprises in the Life Sciences industry on their UDI compliance journey. Trust is more than a promise - it’s our foundation. We are committed to safeguarding your data, ensuring compliance, and providing transparency at every step.
Built on Trust. Driven by Compliance.
We prioritize your security and privacy. Our robust compliance framework ensures that your data is protected under the highest standards.
Certifications and Compliance Standards
Our UDI solutions meet rigorous global standards to ensure your data is secure and your compliance needs are met.
Data Protection and Privacy Measures
Advanced encryption, secure multi-tenancy, and GDPR compliance to safeguard your sensitive information.
Responsible Disclosure and Incident Response
Proactive measures and a dedicated team to address potential security issues swiftly and transparently.
Global Standards. Trusted Compliance.
We are ISO 9001 and ISO 27001 certified, ensuring the highest standards of quality management and information security. Together with GDPR compliance, we are dedicated to protecting your data and maintaining operational excellence.
Strictly Regulated Data Access
Access to data at p36 is strictly limited to authorized personnel and consistently follows the principle of least privilege.
Multi-Layered Security Architecture
We use a multi-layered security approach with additional controls to ensure resilience in critical situations.
Consistent Security Measures
We apply our security measures consistently company-wide to ensure comprehensive threat protection.
Continuous Improvement
We continuously improve our security measures to stay flexible and up to date with new challenges and threats.
Contracts & Legal
Terms of Service
Privacy Policy
Subprocessors
Service Level Agreement
Data Processing Agreement
Technical & Organizational Measures
Documents Available on Request
For security and confidentiality reasons, these documents are available to registered users only. After registration, including the Free Trial phase, you can request the following documents.
Access Control Policy
Business Continuity Policy
Code of Ethics and Business Conduct
Information Security Policy
FAQ
Find answers to your security and privacy questions below.
Yes, data is encrypted in transit (TLS 1.2) and at rest (AES-256).
Our primary data center is AWS Frankfurt, Germany (EU10). For further details, please refer to our list of subprocessors.
Please report any security vulnerabilities or bugs by contacting us at support@udihub.io. We take security seriously and appreciate your feedback.
Depending on the Service Plan, our products support the implementation of Single Sign-On (SSO) and Two-Factor Authentication (2-FA). Customers can choose and configure the security features that best meet their requirements.
All new employees receive comprehensive training on data protection and information security during onboarding. Ongoing annual awareness training is conducted to ensure continued compliance and awareness.
Yes, we have established Business Continuity and Disaster Recovery Plans, regularly tested for effectiveness. All relevant personnel are trained in incident management procedures.
Our services process personal data such as name and email address - no sensitive data is processed. For detailed information on the types of personal data processed, please refer to our Privacy Policy and Data Processing Agreement, available on this page.
We employ an anti-malware solution and a firewall. Critical systems are continuously logged and monitored for suspicious activity.
Yes, we enforce a robust password policy, including immediate password changes if a breach is suspected, minimum password length and complexity requirements, and use of a password manager. Systems are continuously monitored for suspicious events, and 2-FA is implemented where applicable to reduce risk.
Yes, all critical service providers undergo security and quality assessments before onboarding and are reviewed at least annually through a documented process, including corrective actions as needed.
Yes, our Asset Management Policy ensures all physical, virtual, data, and software assets are identified, documented, assigned an owner, and regularly reviewed. Asset management processes are maintained in Jira Assets.
Yes, we maintain strict physical security measures, including locked entrances, video surveillance, restricted access to sensitive areas, visitor management, and smoke alarms with marked escape routes. For further details, please refer to our Technical and Organizational Measures.
Yes, our formal change management program ensures all changes are managed through documented procedures, including risk assessment, approval, implementation, and post-change review, with tracking in Jira for transparency and compliance.
Our solutions utilize a role-based access control (RBAC) model, assigning permissions based on predefined roles to ensure users can only access data relevant to their responsibilities.
We ensure GDPR compliance through technical and organizational measures in line with Article 32 of the GDPR, including access controls, regular reviews, encryption, pseudonymization, backup, disaster recovery, incident response, employee training, Data Protection Officer appointment, effectiveness reviews, and ISO 27001 certification. Our Privacy Policy and Data Processing Agreement provide detailed information about data processing.
Our data is primarily stored in Germany. In certain cases, data may be transferred to third countries. Please refer to our list of subprocessors for details.
We adhere to strict regulatory standards, including ISO 27001 and GDPR. Our compliance team regularly audits our processes to ensure we meet all necessary requirements. This commitment helps us maintain the highest level of data integrity and security.
Responsible disclosure is our policy for reporting security vulnerabilities. We encourage researchers to report any issues they find, allowing us to address them promptly. This collaborative approach enhances our overall security posture.
You can reach our security team via support@udihub.io. We are committed to responding to inquiries promptly. Your concerns about security and privacy are our top priority.