Information Security Commitment
To keep information security at the highest level, ACTG-CRO operates according to the following principles:
Confidentiality: Information is accessible only to authorized persons.
Integrity: Information is protected and will not be altered by unauthorized persons.
Accessibility: Information is available as needed by authorized persons.
ACTG-CRO analyzes the professional profiles of doctors for the purpose of identifying potential investigators for Clinical Trials. The company will use available contact information, including email addresses and phone numbers, for the purpose of inviting potential investigators to apply to participate in research. ACTG-CRO will source health professional information from its own databases and also indirectly from public sources and referrals. For operational purposes, ACTG-CRO will also collect information relating to the involvement and performance of investigators and supporting study staff. The company will also process financial information of investigators to support payment for services.
At the point of data collection, ACTG-CRO will provide notice to individuals in clear and conspicuous language about how their information will be used, disclosed and transferred; what choices they have in relation to how their data are handled; what informational rights they have under data privacy law or under this Policy; and who to contact with any questions or complaints. These privacy notices are tailored to specific situations of data collection. In providing such notice, ACTG-CRO meets its obligations to be transparent and fair with individuals, as is required by many data privacy laws. Depending on the medium, notice may be given in person, by email, post, telephone, or by posting on our website.
We comply with ISO 27001:2013 Standard requirements:
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.