Is Biocore compliant with 21 CFR Part 11?

Yes. Biocore's platform supports 21 CFR Part 11 compliance requirements including electronic records and electronic signature controls. The platform includes audit trails, access controls, and validation documentation packages to support pharma compliance teams.

Does Biocore support GxP validation?

Yes. Biocore provides GxP validation documentation including Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) documentation packages. These are available to enterprise customers to support vendor qualification under GxP requirements.

How do I request compliance documentation from Biocore?

Enterprise customers can request SOC 2 Type II reports, GxP validation documentation, and vendor qualification questionnaires by contacting hello@biocore.com with the subject line 'Compliance Documentation Request'. Most documentation is provided within 5-7 business days.

Does Biocore provide a SOC 2 Type II report?

Yes. Biocore maintains a SOC 2 Type II audit report covering security, availability, and processing integrity. The report is available to enterprise customers under NDA upon request. Contact the Biocore compliance team, and the report is typically delivered within five to seven business days.

What audit trail capabilities does Biocore provide?

Biocore captures immutable, timestamped audit trails for all data access and API calls, with user attribution, action type, and timestamps. These trails support 21 CFR Part 11 and ALCOA+ requirements. Enterprise customers can export audit logs for inspection readiness and internal compliance reviews.

How does Biocore handle data residency requirements?

Biocore offers data residency options to meet GDPR and regional data-sovereignty requirements, including EU-hosted deployment for customers processing EU personal data. Contact the Biocore team during onboarding to configure residency for your jurisdiction.

What validation documentation does Biocore provide for GxP environments?

Biocore provides IQ, OQ, and PQ protocol templates, a validation summary report template, change control notifications, and a 21 CFR Part 11 feature matrix. Enterprise customers receive a vendor qualification package including the SOC 2 Type II report and security questionnaire responses.

How does Biocore support 21 CFR Part 11 compliance?

Biocore's platform includes audit trails with user identification and timestamps, access controls with role-based permissions, and data integrity controls ensuring records cannot be altered retroactively. Biocore provides IQ/OQ/PQ validation documentation and a Part 11 feature matrix to support customer validation activities.

What is Biocore's data breach notification process?

Biocore follows a 72-hour breach notification protocol aligned with GDPR requirements. In the event of a confirmed breach, Biocore notifies affected enterprise customers within 72 hours with incident details, affected data scope, and remediation steps. A dedicated security response team manages all incidents.

GxP Compliance & Validation

Compliance &
Validation Support

Biocore's regulatory intelligence infrastructure is built for the highest compliance standards. Comprehensive documentation and validation support for pharma teams deploying in GxP-regulated environments.

Request Documentation Schedule a Demo

SOC 2 Type II

21 CFR Part 11

GxP Validated

AES-256

GDPR

SOC 2 Type II

Security controls audit

21 CFR Part 11

Electronic records & signatures

GxP Validation

IQ / OQ / PQ documentation

FDA Inspection

Documentation & support

AES-256

Encryption at rest & in transit

GDPR

EU data protection compliance

Enterprise

Request Compliance Documentation

SOC 2 reports, GxP validation packages, and VQQ — available to enterprise customers.

Request Documentation

Security

Security Standards

Security

SOC 2 Type II Report

Biocore maintains security controls aligned with SOC 2 Type II standards. Security documentation is available for enterprise customers to support vendor qualification and security assessments.

Available Documentation

SOC 2 Type II audit report (under NDA for enterprise customers)

Security control documentation

Penetration testing reports (summary available)

Security assessment questionnaires

Request Process: Contact [email protected] for SOC 2 reports. Provided within 5–7 business days. A non-disclosure agreement (NDA) may be required.

Encryption

Data Encryption

All data is encrypted at rest and in transit using AES-256 and TLS 1.2+. Encryption controls are applied uniformly across stored regulatory data, backups, and API communications.

Encryption Controls

AES-256 encryption for all data at rest

TLS 1.2+ for all data in transit

Encrypted backups with managed key rotation

API communications secured end-to-end

Data Privacy

GDPR Compliance

Biocore's platform and data handling practices are designed with GDPR requirements in mind. Data processing agreements (DPAs) are available for enterprise customers operating under EU data protection obligations.

Data Protection Measures

Data Processing Agreements (DPAs) available on request

EU data residency option for GDPR-regulated deployments

Data subject request support and documented procedures

Privacy-by-design principles applied across platform

Sub-processor disclosure available to enterprise customers

DPA Requests: Contact [email protected] to request a Data Processing Agreement.

GxP & Regulatory

Regulatory Compliance Frameworks

FDA

21 CFR Part 11 Feature Matrix

Biocore Services are designed to support 21 CFR Part 11 compliance requirements for electronic records and electronic signatures.

Available Features

Audit Trails — comprehensive logging of all system activities

Access Controls — user authentication and role-based access

Electronic Signatures — support for Part 11 Subpart C requirements

Data Integrity Controls — mechanisms to prevent unauthorized modification

Data Provenance Tracking — complete lineage and history of changes

Record Retention — configurable data retention policies

Detailed Specifications: Contact [email protected] for detailed feature documentation.

Important: Biocore provides the tools and infrastructure to support compliance, but Customer must validate and operate the system in accordance with applicable regulations. See Terms of Service Section 7.

GxP

System Validation Documentation Package

Biocore provides comprehensive validation documentation packages to support your GxP validation process — facilitating IQ, OQ, and PQ protocols.

Documentation Package Includes

IQ Protocols — Installation Qualification protocols and test scripts

OQ Protocols — Operational Qualification protocols and test scripts

PQ Protocols — Performance Qualification protocols and test scripts

Validation Summary Report — template for validation summary reporting

System Documentation — architecture, data flow, security controls

Change Control Procedures — system update and validation impact procedures

Request Process: Contact [email protected] for validation documentation packages. Typically provided within 7–10 business days.

Important: Customer is solely responsible for system validation. Biocore provides documentation to facilitate validation but does not provide regulatory consulting or validation services. See Terms of Service Section 7.

Audit

Audit Trail Specifications

Comprehensive audit logging and monitoring capabilities to support compliance tracking and regulatory inspection requirements.

Audit Trail Capabilities

Comprehensive Logging — all system activities and data changes

User Identification — all actions attributed to specific users

Timestamp Precision — compliant with GxP requirements

Action Tracking — modifications, deletions, and access attempts

Reason for Change — change reason tracking where applicable

7-Year Retention — audit logs retained for GxP compliance

Tamper-Evident — audit logs protected against unauthorized modification

Export Capabilities — logs exportable for regulatory inspection

Detailed Specifications: Contact [email protected] for logging format, retention policies, and export capabilities documentation.

Signatures

Electronic Signature Specifications

Support for electronic signature requirements designed to meet 21 CFR Part 11 Subpart C compliance.

Electronic Signature Capabilities

Signature Capture — electronic signature capture mechanism

Signature Information — printed name, date/time, and meaning captured

Record Linking — signatures linked to records and cannot be disassociated

Tamper-Evident — signatures protected against unauthorized modification

Authentication — user authentication required before signature capture

Detailed Specifications: Contact [email protected] for implementation details and Part 11 Subpart C compliance documentation.

Important: Customer is responsible for proper use of electronic signatures and adherence to applicable GxP and FDA regulations. See Terms of Service Section 7.

Operations

Operations & Infrastructure

Resilience

Data Backup & Disaster Recovery

Comprehensive data backup and disaster recovery procedures to ensure data availability and business continuity.

Backup & Recovery Capabilities

Backup Frequency — regular automated backups with configurable frequency

Data Retention — policies aligned with compliance requirements

Disaster Recovery — comprehensive disaster recovery procedures

RTO — Recovery Time Objective specified in SLA

RPO — Recovery Point Objective specified in SLA

Business Continuity — continuity planning and documented procedures

Detailed Specifications: Contact [email protected] for backup frequency, retention policies, RTO/RPO, and continuity procedures.

SLA: Specific backup and disaster recovery commitments are detailed in the Service Level Agreement provided with your Order Form. See Terms of Service Section 1.

Qualification

Vendor Qualification Questionnaire (VQQ)

Biocore provides Vendor Qualification Questionnaires and equivalent documentation to support pharmaceutical vendor qualification processes.

Available Documentation

Standard Vendor Qualification Questionnaire (VQQ)

Security assessment questionnaires

Compliance documentation summaries

System capability documentation

Request Process: Contact [email protected] to request VQQ documentation. Typically provided within 5–7 business days.

FDA

FDA Inspection Support

Biocore provides reasonable cooperation and support during FDA inspections of Customer facilities, including system documentation, validation materials, and technical support.

Inspection Support Includes

System documentation and validation materials

Responses to FDA inquiries about system capabilities

Technical support during inspections (with advance notice)

Audit logs and system documentation for inspection purposes

Inspection Support Process: Contact [email protected] with advance notice. See Terms of Service Section 12 for detailed provisions.

Change Management

Change Control Procedures

Controlled change management procedures to ensure system updates are managed in a manner that supports customer validation requirements.

Change Control Process

Advance Notification — minimum 30 days notice of system updates (managed hosting)

Change Control Documentation — impact assessments provided for each change

Rollback Procedures — available if updates impact validated processes

Validation Impact Assessment — provided for changes affecting validated state

Documentation Support — guidance to support GxP validation requirements

Detailed Procedures: Contact [email protected] for notification timelines, validation impact assessment process, and rollback procedures.

Self-Hosted Deployments: Customer has complete control over system updates and assumes full responsibility for validation and compliance. See Terms of Service Section 8.

Resources

Additional Resources

Enterprise Ready

Ready to start your compliance process?

Our team will provide the compliance documentation packages your organization needs, on your timeline.

Request Documentation Schedule a Demo

FAQ

Compliance FAQ

: Yes. Biocore's platform supports 21 CFR Part 11 compliance requirements including electronic records and electronic signature controls. The platform includes audit trails, access controls, and validation documentation packages to support pharma compliance teams.
: Yes. Biocore provides GxP validation documentation including Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ) documentation packages. These are available to enterprise customers to support vendor qualification under GxP requirements.
: Enterprise customers can request SOC 2 Type II reports, GxP validation documentation, and vendor qualification questionnaires by contacting [email protected] with the subject line 'Compliance Documentation Request'. Most documentation is provided within 5-7 business days.
: Yes. Biocore maintains a SOC 2 Type II audit report covering security, availability, and processing integrity. The report is available to enterprise customers under NDA upon request. Contact the Biocore compliance team, and the report is typically delivered within five to seven business days.
: Biocore captures immutable, timestamped audit trails for all data access and API calls, with user attribution, action type, and timestamps. These trails support 21 CFR Part 11 and ALCOA+ requirements. Enterprise customers can export audit logs for inspection readiness and internal compliance reviews.
: Biocore offers data residency options to meet GDPR and regional data-sovereignty requirements, including EU-hosted deployment for customers processing EU personal data. Contact the Biocore team during onboarding to configure residency for your jurisdiction.
: Biocore provides IQ, OQ, and PQ protocol templates, a validation summary report template, change control notifications, and a 21 CFR Part 11 feature matrix. Enterprise customers receive a vendor qualification package including the SOC 2 Type II report and security questionnaire responses.
: Biocore's platform includes audit trails with user identification and timestamps, access controls with role-based permissions, and data integrity controls ensuring records cannot be altered retroactively. Biocore provides IQ/OQ/PQ validation documentation and a Part 11 feature matrix to support customer validation activities.
: Biocore follows a 72-hour breach notification protocol aligned with GDPR requirements. In the event of a confirmed breach, Biocore notifies affected enterprise customers within 72 hours with incident details, affected data scope, and remediation steps. A dedicated security response team manages all incidents.

Compliance &Validation Support

Request Compliance Documentation

Security Standards

SOC 2 Type II Report

Available Documentation

Data Encryption

Encryption Controls

GDPR Compliance

Data Protection Measures

Regulatory Compliance Frameworks

21 CFR Part 11 Feature Matrix

Available Features

System Validation Documentation Package

Documentation Package Includes

Audit Trail Specifications

Audit Trail Capabilities

Electronic Signature Specifications

Electronic Signature Capabilities

Operations & Infrastructure

Data Backup & Disaster Recovery

Backup & Recovery Capabilities

Vendor Qualification Questionnaire (VQQ)

Available Documentation

FDA Inspection Support

Inspection Support Includes

Change Control Procedures

Change Control Process

Additional Resources

Ready to start your compliance process?

Compliance FAQ

Compliance &
Validation Support