<img alt="" src="https://secure.perk0mean.com/184504.png" style="display:none;">

Trust Center

Security and Quality

Secure, reliable, and inspection-ready delivery backed by independent assurance and disciplined quality systems.

Trust Center Badges_no HIPAA

Security

4G Clinical recently received its SOC 2® report for the 12-month period ending on August 31, 2025, on our controls relevant to security, availability, and confidentiality for clinical trial services. This independent review, conducted by a certified public accounting firm, provides assurance that our systems and processes are designed and operating effectively to meet the exacting trust services criteria established by the American Institute of Certified Public Accountants. Our dedication to these principles ensures that clients can confidently rely on 4G Clinical's platform for the secure and reliable management of their critical clinical trial data.

The achievement of SOC 2 Type 2 compliance in the Security, Availability, and Confidentiality criteria underscores 4G Clinical's robust controls in safeguarding sensitive information. Our security measures protect against unauthorized access and disclosure, while our availability controls ensure that our services are consistently operational and accessible as agreed. Furthermore, our confidentiality protocols demonstrate our commitment to protecting information designated as confidential from unauthorized disclosure.

Quality

Our Quality, Legal, and Security teams regularly assess applicable worldwide regulations and guidance documents to keep up with changes and maintain compliance with regulatory frameworks. 

4G Clinical ensures compliance with 21 CFR Part 11, Electronic Records and Signatures, Annex 11 Computerized Systems (EU Annex 11), and multiple other frameworks through a comprehensive Quality Management System (QMS) that incorporates relevant standards and regulations. The team is embedded in product development and project delivery processes while maintaining independence, performing regular internal audits and readiness assessments, and tracking corrective and preventive actions for continuous improvement.

Quality System

Corrective and Preventive Actions (CAPA)

4G Clinical has implemented a comprehensive Corrective and Preventive Action (CAPA) process to handle quality events as part of our commitment to quality management. Every employee is encouraged to identify and report potential issues in accordance with continuous improvement methodologies, with quality team members overseeing the investigation and resolution process. Each quality event is categorized by severity and tracked from initial discovery through closure, ensuring thorough root cause analysis and effective corrective measures.

Data Integrity (ALCOA++)

Data integrity forms the foundation of our clinical trial excellence. We adhere to ALCOA++ principles (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available). Our quality management system implements rigorous controls, including unique user credentials, comprehensive audit trails, and strict access management, with all employees receiving annual data integrity training.

Audit Trail

Our system maintains comprehensive audit logs across more than 60 detailed audit tables, capturing every user action with timestamps, unique identification, and both old and new values for any data modifications. These human-readable reports are readily available for inspections or reviews, ensuring complete traceability and compliance with 21 CFR Part 11.

Validation

We perform thorough validation across our product infrastructure, core products, and client projects to ensure all systems meet predetermined requirements and quality attributes. Our comprehensive validation deliverables include validation plans, requirements, test scripts, traceability matrices, and statements of regulatory compliance, all maintained through a strict change control process.

User Management

Our user management system ensures secure access to clinical trial technologies through unique credentials, role-based access controls, and multi-factor authentication. Each user is assigned specific permissions matching their responsibilities, with detailed audit trails ensuring accountability and compliance with regulatory standards.

User Requirements (URS) - IRT Spec

Our IRT Requirement Specification process involves iterative development with study teams, ensuring all functionality traces back to signed specifications. We utilize natural language processing to transform specifications directly into configurable systems, allowing rapid progression from requirements to testable solutions.

Audit Support & History

Our quality team coordinates all client audits with detailed agendas provided in advance. For regulatory inspections, our Senior Vice President of Quality and Regulatory personally manages the process, ensuring immediate resolution of any observations. We maintain comprehensive audit histories and can rapidly produce validation documentation within 24 hours of request.

Change Control Process

Our change control process ensures all modifications are implemented in a controlled, documented manner once the system is validated. Changes are categorized by complexity and risk, with a thorough assessment of potential impacts and client approval required before implementation. This approach balances speed with quality while maintaining compliance with regulatory requirements.

Quarterly Reviews

We conduct regular assessments of regulations and their impact on our products and services. Quarterly governance meetings with clients review key performance indicators, including project delivery timelines, UAT defects, support resolution times, and CAPA metrics. This approach ensures continuous improvement and maintains the highest quality standards throughout our partnerships.

Security and Quality Publications

Explore best practice approaches across security, quality, and compliance. These papers summarize the standards and practices that underpin data integrity and audit readiness.

Thumbnail_Images_White_Paper

Balancing Quality and Innovation for eClinical Technology

This white paper explores how a mature Quality Management System (QMS) and Quality by Design principles create a stable foundation for sustainable innovation in Randomization and Trial Supply Management (RTSM).
View Now
Thumbnail_Images_White_Paper

Protecting the Blind

In blinded clinical trials, preserving data integrity and protecting patients hinges on mastering the hidden risks that threaten the blind.
View Now
Thumbnail_Images_White_Paper

Effectiveness Checks in the World of Software Technology Providers

Whether you're a tech leader or an industry professional, this read offers valuable insights into how your technology partners plan for success in their corrective action systems
View Now

Data Privacy

4G Clinical is registered with the EU-US Data Privacy Framework and complies with the EU-US Data Privacy Framework (“EU-US DPF”), the UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-US DPF”).

We are compliant with the General Data Protection Regulation ((EU) 2016/679) (GDPR) and the California Consumer Privacy Act (CCPA) as amended, and, in the role of a data processor, will support our customers in meeting their regulatory obligations.

Sustainability

Sustainability in Action:
Creating Long-Term Value for Clients and the Planet

Environmental responsibility and operational excellence are built into how 4G Clinical designs technology, delivers studies, and partners with sponsors. By supporting smarter supply decisions and more efficient trial operations, we help reduce waste and unnecessary logistics without compromising performance or oversight.

4G Clinical is proud to support the United Nations Global Compact as part of our commitment to responsible business practice. We also complete an annual EcoVadis assessment to benchmark and strengthen our sustainability performance. In our latest rating, completed in August 2025, 4G Clinical earned a Committed Badge.

Presentation2

How 4G Clinical drives sustainable trial operations

  • Configurable resupply logic that reduces overshipment and inventory waste.

  • Drug pooling strategies that maximize usable supply across programs.

  • 4C Supply scenario modeling to improve batch planning and reduce avoidable overproduction.

  • Support for decentralized approaches, including direct-to-patient models where appropriate, to reduce avoidable site visits and shipments.

  • Track and trace oversight that reduces loss, expiry, and replacement shipments.

Transparency and accountability

  • Annual ESG reporting, including Scope 1 and 2 emissions.

  • Regular independent benchmarking through EcoVadis and aligned global standards.

  • Support for the United Nations Global Compact and its principles on human rights, labour, environment, and anti-corruption.

FAQs

Is 4G Clinical HIPAA compliant?

PHI and the HIPAA privacy rule is about preserving the privacy of an individual, of their "individually identifiable health information", as explained in Methods for De-identification of PHI | HHS.gov. 4G Clinical receives only pseudonymized subject IDs and does not have the information necessary to deanonymize any subject to a known individual.

Is 4G Clinical a covered entity under HIPAA? Is 4G Clinical a business associate?

A covered entity is defined as one of health care provider, health insurance, or health care clearinghouse. A business associate is one who performs certain functions on behalf of a covered entity. 4G Clinical is neither a covered entity nor a business associate as it receives de-identified information.

Is 4G Clinical registered with Privacy Shield or its successor, the Data Privacy Framework (DPF)?

4G Clinical is registered as an active participant in the Data Privacy Framework (DPF) program, enabling compliant personal data transfers from the EU, UK, and Switzerland to the United States. We have certified our adherence to the EU-US Data Privacy Framework Principles, the UK Extension, and the Swiss-US DPF Principles with the U.S. Department of Commerce. In cases of conflict between our privacy policies and DPF Principles, the DPF Principles govern. You can find out more in our privacy policy here: https://www.4gclinical.com/legal

Do you have a designated representative in the EU as required under GDPR Article 27?

4G Clinical has offices in Europe, including an establishment in The Netherlands (an EU Member State), and is therefore not required to designate a representative under GDPR Article 27.



Does 4G Clinical have documented procedures for receiving, processing, and responding to Personal Data Subject Requests submitted by clinical trial subjects to exercise their rights under GDPR?

4G Clinical has documented procedures for receiving, processing, and responding to Personal Data Subject Requests submitted by clinical trial subjects to exercise their rights under GDPR. As a data processor, 4G Clinical assists data controllers (study sponsors) in fulfilling their GDPR obligations under Article 28. Since 4G Clinical does not have direct relationships with study subjects and receives only pseudonymized study subject IDs, any data subject requests received from study participants are forwarded to the study sponsor.

Is 4G Clinical registered with EMA's Organisation Management Service (OMS)?

You can find 4G Clinical LLC (US) under Organisation ID ORG-100042775 and 4G Clinical B.V. (The Netherlands) under ORG-100044721 in the list of registered organizations here: https://iris.ema.europa.eu/locations/



Talk to Our Security and Quality Team

Connect with our team to discuss anything related to security, quality, data privacy and more.

Form