Flywheel Compliance Information and Resources

At Flywheel we understand that data privacy, security, and compliance are non-negotiable for researchers in healthcare and life sciences. We’re committed to providing our customers and partners with a platform that is engineered for the regulatory compliance your research demands.

Our Commitment to Compliance

Flywheel offers validated and reliable solutions for managing data in accordance with international standards. Users can leverage extensive data privacy and governance capabilities to ensure audit readiness. By meeting the criteria of these data standards, we ensure that our procedures and systems meet the highest standards of security, availability, processing integrity, confidentiality, and privacy.

Secure Collaboration and Data Sharing for Imaging Research

Regulatory Compliance

Flywheel’s secure projects enable you to manage collaboration in compliance with IRB requirements, HIPAA, GDPR, GCP, and 21 CFR Part 11. Our re-identification tools allow you to identify and purge data for research subjects if requested. Our audit trails, digital signatures, and approval workflows ensure tracking and authorization.

Data Privacy and Access Controls

Flywheel’s secure, access-controlled projects allow for data and algorithm sharing with internal and external collaborators. Manage privileges with a role-based permission model to ensure that only approved collaborators can access and modify data.

Custom Authentication

Flywheel provides a seamless integration with your institutional identity service so you can quickly connect users to your Flywheel projects without creating new credentials and roles. Flywheel’s data curation platform is integrated with research access federations featuring 4,000 leading research institutions around the world to simplify user authentication. The federations include InCommon, eduGAIN, ORCID, the Australian Access Federation, and more.

A Security Architecture Based on Industry Best Practices

Our security architecture protects the confidentiality, integrity and availability of our customers’ data and information systems.

Validated Solutions

  • Flywheel offers features for fully traceable data management. Users can export full audit trail reports at the project level.

  • Leverage logical and role-based access controls following the “least privilege” and “need-to-know” principles to govern employee capabilities.

  • Secure application development and monitoring practices ensure that flaws in and risks to company-designed applications are identified early in the development process.

  • Formal SDLC methodologies are established that govern the secure development, acquisition, and implementation of all application and enhancement projects. Secure SDLC procedures cover secure coding reviews and practices.

Secure Environment

  • Third-party firms are engaged on an annual basis to perform security audits and testing of the Flywheel environment to demonstrate our commitments to security.

  • Customer data is encrypted at rest (storage and backups) and in motion over open public networks to protect the communication and transmission of data between system components.

  • Technical safeguards are in place to protect information systems and data from unauthorized access, use and disclosure.

  • System components are configured to ensure all customer environments are appropriately segmented and isolated from other customer environments.

Comprehensive Policies and Procedures

  • A comprehensive security and awareness training program is required for all employees, consultants and contractors to ensure compliance with organizational security policies and procedures to protect in-scope information systems and data. All employees must train upon hire and on an annual basis thereafter.

  • Disaster recovery plans (including restoration of backups) have been developed and are tested annually. Test results are reviewed and contingency plans are updated accordingly.

  • A continuous Information Security Improvement has been created so that the organization constantly evaluates its security posture, stays up to date, and identifies new and evolving risks, threats and vulnerabilities.

  • Formal Incident Response processes are defined and established which require incidents to be tracked, documented and resolved in accordance with the NIST incident response framework.

Risk Management Framework

  • A comprehensive risk management process is in place to analyze, prioritize and treat all organizational risk to ensure risk is reduced to acceptable tolerances.

  • A formal, structured approach to threat modeling allows engineering teams to identify and mitigate the risks to company applications and systems, and to identify the risks, likelihood of threat, and impact for each system.

  • A comprehensive formal supplier management process is implemented to ensure that all potential vendors and suppliers are evaluated for potential risk. Suppliers are subject to security review and assessments when on-boarding and on an annual basis.
