Certifications and Attestations

Security

ISO/IEC 27001:2022 inclusive of ISO/IEC 27017:2015

ISO/IEC 27001:2022 is the world’s best-known standard for information security management systems (ISMS). Certification demonstrates compliance with the requirements, principles, and best practices associated with the standard across a broad set of control domains further defined in ISO/IEC 27002:2022. Annual audits by an authorized organization are required to confirm continued compliance, as well as ongoing risk assessments and continuous improvement of the ISMS.

ISO/IEC 27017:2015 provides additional guidance for companies with respect to cloud computing, expanding on the guidance provided in ISO/IEC 27002 and defining additional controls that specifically relate to cloud services.

TraceLink's Information Security Management System (ISMS) has been independently verified by A-LIGN to meet the requirements of both of these standards.

TraceLink’s ISO/IEC 27001:2022 certificate is available here.

Additional information on ISO/IEC 27001 can be found here.

A-LIGN ISO 27001

 

A-LIGN ISO 27017

 

A-Lign SOC 2

SOC 2 / ISAE 3000 Type II

A SOC 2 report is designed to meet the needs of a broad range of users who require detailed information and assurance regarding a service organization’s controls aligned with the standardized Trust Services Criteria (TSC). This report, issued following an annual independent audit, includes a comprehensive description of the audit scope, the implemented controls addressing the selected TSC, the testing procedures performed, and the results or auditor’s opinion on the system description. TraceLink’s report also incorporates additional controls to align with the ISAE 3000 framework, ensuring comprehensive coverage for our international customers.

TraceLink’s SOC 2 Report provides assurance over the Common Criteria/Security, Availability, and Confidentiality Trust Services Criteria.

A copy of the Confirmation of Audit Opinion Letter is available here.

To request a confidential copy of TraceLink's SOC 2 / ISAE 3000 Type II report, please email artifact-request [at] tracelink.com (artifact-request[at]tracelink[dot]com).

Additional information on SOC 2 can be found here.

Additional information on ISAE can be found here.

 

SOC 1 / SSAE 18 Type II

A SOC 1 report is designed to meet the needs of users who require assurance regarding the effectiveness of controls relevant to a service organization’s client financial reporting. This report includes a comprehensive description of the audit scope, the control objectives established to support financial reporting processes, the testing procedures performed, and the auditor’s opinion on the suitability and operational effectiveness of those controls.

TraceLink’s SOC 1 Report follows the requirements outlined in the SSAE 18 standard and helps provide our customers and their auditors with confidence that TraceLink’s controls support accurate and reliable financial reporting associated with Multienterprise Information Network Tower (MINT) and the supporting OPUS Platform.

A copy of the Confirmation of Audit Opinion Letter is available here.

To request a confidential copy of TraceLink's SOC 1 / SSAE 18 Type II report, please email artifact-request [at] tracelink.com (artifact-request[at]tracelink[dot]com).

Additional information on SOC 1 can be found here.

A-LIGN SOC 1

 

TraceLinkLinkedin CyberVadis

Certificate of Cybersecurity Assessment

CyberVadis is a leading platform specializing in third-party cybersecurity risk assessments. Established in 2018, it has become a trusted solution for numerous international companies aiming to mitigate cyber risks within their supply chains. The platform offers a reliable, scalable, and managed solution to assess and manage the cybersecurity maturity of vendors. The assessment methodology is based on international standards and frameworks, ensuring a comprehensive evaluation of information security management systems.

TraceLink has achieved a score of 993 out of 1000 in the cybersecurity assessment, scoring Mature level and earning a Platinum medal.

View the CyberVadis Certificate here.

 

 

Quality

ISO 9001:2015

ISO 9001:2015 is a well-known international standard relating to quality management. This certification signifies that an organization has the ability to consistently provide products and services via a risk-based approach that meets customer and regulatory requirements. TraceLink’s Quality Management System (QMS) has been independently verified to meet the requirements of this standard.

TraceLink’s ISO 9001 certificate is available here.

Additional information on ISO 9001 can be found here.

 

 

Standards















GS1 US Rx EPCIS Conformance Testing

The GS1 US Rx EPCIS Conformance Testing Program is designed to ensure the interoperability and compliance of data exchanges within the pharmaceutical supply chain, as required by the Drug Supply Chain Security Act (DSCSA). This voluntary program tests and certifies that EPCIS messages sent by participants meet GS1 standards, supporting accurate and reliable traceability of pharmaceutical products from manufacturers to dispensers. By achieving the conformance trustmarks, participants demonstrate their commitment to maintaining high standards of data integrity and supply chain security.

View on GS1 or read more about the GS1 US Rx EPCIS Conformance Testing Program.