Security
ISO/IEC 27001:2022 inclusive of ISO/IEC 27017:2015
ISO/IEC 27001:2022 is the world’s best-known standard for information security management systems (ISMS). Certification demonstrates compliance with the requirements, principles, and best practices associated with the standard across a broad set of control domains further defined in ISO/IEC 27002:2022. Annual audits by an authorized organization are required to confirm continued compliance, as well as ongoing risk assessments and continuous improvement of the ISMS.
ISO/IEC 27017:2015 provides additional guidance for companies with respect to cloud computing, expanding on the guidance provided in ISO/IEC 27002 and defining additional controls that specifically relate to cloud services.
TraceLink's Information Security Management System (ISMS) has been independently verified by A-LIGN to meet the requirements of both of these standards.
TraceLink’s ISO/IEC 27001:2022 certificate is available here.
Additional information on ISO/IEC 27001 can be found here.
SOC 2 / ISAE 3000 Type II
A SOC 2 report is based on an annual independent audit of controls related to selected Trust Services Criteria (TSC), performed under AT-C 105 and 205. The report includes a detailed description of the audit scope, the controls implemented to meet the selected TSC, a description of the tests performed, and the results or opinion on the description of the system. TraceLink’s report also includes additional controls to ensure coverage of the ISAE 3000 framework for our international customers.
TraceLink’s report provides an audit opinion covering the Common Criteria/Security, Availability, and Confidentiality Trust Services Criteria.
A copy of the Confirmation of Audit Opinion Letter is available here.
To request a confidential copy of TraceLink's SOC 2 / ISAE 3000 Type II report, please email artifact-request[at]tracelink[dot]com.
Additional information on SOC 2 can be found here.
Additional information on ISAE can be found here.
Certificate of Cybersecurity Assessment
CyberVadis is a leading platform specializing in third-party cybersecurity risk assessments. Established in 2018, it has become a trusted solution for numerous international companies aiming to mitigate cyber risks within their supply chains. The platform offers a reliable, scalable, and managed solution to assess and manage the cybersecurity maturity of vendors. The assessment methodology is based on international standards and frameworks, ensuring a comprehensive evaluation of information security management systems.
TraceLink has achieved a 946/1000 score in the cybersecurity assessment, scoring Mature.
View the CyberVadis Certificate here.
Quality
ISO 9001:2015
ISO 9001:2015 is a well-known international standard relating to quality management. This certification signifies that an organization has the ability to consistently provide products and services via a risk-based approach that meets customer and regulatory requirements. TraceLink’s Quality Management System (QMS) has been independently verified to meet the requirements of this standard.
TraceLink’s ISO 9001 certificate is available here.
Additional information on ISO 9001 can be found here.
Standards
GS1 US Rx EPCIS Conformance Testing
The GS1 US Rx EPCIS Conformance Testing Program is designed to ensure the interoperability and compliance of data exchanges within the pharmaceutical supply chain, as required by the Drug Supply Chain Security Act (DSCSA). This voluntary program tests and certifies that EPCIS messages sent by participants meet GS1 standards, supporting accurate and reliable traceability of pharmaceutical products from manufacturers to dispensers. By achieving the conformance trustmarks, participants demonstrate their commitment to maintaining high standards of data integrity and supply chain security.
View on GS1 or read more about the GS1 US Rx EPCIS Conformance Testing Program.