Security
ISO 27001:2013 inclusive of ISO 27017:2015
ISO 27001:2013 is a risk-based set of information security requirements under which an organization must have a well-structured Information Security Management System (ISMS). Maintenance of the system requires annual audits by external auditors, ongoing risk assessments, and continuous improvement of the system.
ISO 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.
TraceLink's Information Security Management System (ISMS) has been independently verified to meet the requirements of both of these standards.
TraceLink’s ISO 27001 certificate is available here.
Additional information on ISO 27001 can be found here.
SOC 2 / ISAE 3000
A SOC 2 report is based upon the Trust Services Criteria (TSC), is performed under AT-C 105 and 205, and includes a detailed description of the audit scope, the controls implemented to meet the selected TSC, a description of the tests performed, and the results or opinion on the description of the system. Additional controls were included to ensure coverage of the ISAE 3000 framework for our international customers.
TraceLink has selected the Common Criteria/Security, Availability, and Confidentiality Trust Services Criteria for this attestation.
A Type II exam was conducted for the Track & Trace Services (T&TS) environment. A copy of the Confirmation of Audit Opinion Letter is available here.
A Type I exam was conducted for the Opus environment. A copy of the Confirmation of Audit Opinion Letter is available here.
To request a confidential copy of TraceLink's SOC 2 / ISAE 3000 report, please email artifact-request[at]tracelink[dot]com.
Additional information on SOC 2 can be found here.
Additional information on ISAE can be found here.
Certificate of Cybersecurity Assessment
CyberVadis is a leading platform specializing in third-party cybersecurity risk assessments. Established in 2018, it has become a trusted solution for numerous international companies aiming to mitigate cyber risks within their supply chains. The platform offers a reliable, scalable, and managed solution to assess and manage the cybersecurity maturity of vendors. The assessment methodology is based on international standards and frameworks, ensuring a comprehensive evaluation of information security management systems.
TraceLink has achieved a 946/1000 score in the cybersecurity assessment, scoring Mature.
View the CyberVadis Certificate here.
Quality
ISO 9001:2015
ISO 9001:2015 is a well-known international standard relating to quality management. This certification signifies that an organization has the ability to consistently provide products and services via a risk-based approach that meets customer and regulatory requirements. TraceLink’s Quality Management System (QMS) has been independently verified to meet the requirements of this standard.
TraceLink’s ISO 9001 certificate is available here.
Additional information on ISO 9001 can be found here.
Standards
GS1 US Rx EPCIS Conformance Testing
The GS1 US Rx EPCIS Conformance Testing Program is designed to ensure the interoperability and compliance of data exchanges within the pharmaceutical supply chain, as required by the Drug Supply Chain Security Act (DSCSA). This voluntary program tests and certifies that EPCIS messages sent by participants meet GS1 standards, supporting accurate and reliable traceability of pharmaceutical products from manufacturers to dispensers. By achieving the conformance trustmarks, participants demonstrate their commitment to maintaining high standards of data integrity and supply chain security.
View on GS1 or read more about the GS1 US Rx EPCIS Conformance Testing Program.