
Security Practices

Learn about our security measures and compliance certifications

Security First Approach

The SOVA IRB Management System is built with security as a foundational principle. We employ industry-leading security practices to protect sensitive research data and ensure regulatory compliance. Our infrastructure is designed to meet the stringent requirements of clinical research and healthcare data protection.

Core Security Features

Built-in security measures protecting your data

Encryption at Rest

All stored data is encrypted with AES-256

Encryption in Transit

TLS 1.3 encryption for all data transmission

Access Control

Role-based access control (RBAC) with principle of least privilege

Audit Logging

Comprehensive audit trails for all system actions

Compliance & Certifications

Regulatory standards we adhere to

HIPAA

Compliant

Health Insurance Portability and Accountability Act compliance for PHI protection

21 CFR Part 11

Compliant

FDA regulations for electronic records and signatures in clinical research

GDPR

Compliant

General Data Protection Regulation for EU data subjects

SOC 2 Type II

Certified

Service Organization Control audit for security, availability, and confidentiality

Security Practices

How we protect your account and data

Multi-Factor Authentication

All user accounts require MFA for access. We support authenticator apps, SMS, and hardware security keys.

Session Management

Automatic session timeout after 30 minutes of inactivity. Users can view and revoke active sessions.

Password Requirements

Minimum 12 characters with complexity requirements. Password history prevents reuse of the last 10 passwords.

IP Allowlisting

Organizations can restrict access to specific IP addresses or ranges for additional security.

Data Backup

Automated daily backups with 90-day retention. Geographic redundancy across multiple data centers.

Vulnerability Management

Regular security assessments, penetration testing, and automated vulnerability scanning.

Incident Response

Our commitment to security incident handling

We maintain a comprehensive incident response plan that includes:

  • 24/7 security monitoring and alerting
  • Defined escalation procedures and response times
  • Regular incident response drills and tabletop exercises
  • Transparent communication with affected parties
  • Post-incident reviews and continuous improvement

Report a Security Concern

Help us maintain a secure environment

If you discover a security vulnerability or have concerns about the security of our system, please report it immediately:

Security Team Contact

security@sova.health

We take all security reports seriously and will respond within 24 hours. Responsible disclosure of vulnerabilities is appreciated.
