Data Security & Privacy

Meeting the Highest Security, Privacy, and Safety Standards

Empowering Discovery & Minimizing Risk

In the rapidly evolving field of life sciences, where valuable insights and groundbreaking discoveries are driven by data, ensuring privacy and data protection is of paramount importance.

BC Platforms adheres to the highest global standards of data privacy and security (ISO 27001, ISO 27701, GDPR, UK and Singapore GDPR, Swiss Federal Act on Data Protection, HIPAA, EU Digital Services Act) while continuously working to align to changing and emerging regulatory frameworks.

Committed to Data Protection: Safeguarding Your Privacy

As the life science market continues to advance, we, at BC Platforms, support the principle that safeguarding data privacy remains a critical priority. Compliance with regulations, anonymization or pseudonymization, informed consent, robust data security, responsible data sharing, transparent policies, breach response plans, and ethical considerations remain our top priority so that individuals’ privacy is protected while fostering scientific research progress.

In addition, we closely monitor emerging and pending regulatory frameworks and ecosystems to assure the ongoing safe facilitation of research and innovation. By upholding these considerations, we aim to build trust with our customers and partners, driving innovation in a responsible and privacy-conscious manner with the ultimate goal of addressing patients’ unmet needs.

Global Compliance

The sensitive nature of health information necessitates robust safeguards to maintain individuals’ privacy while facilitating scientific progress. Compliance ensures that health information is handled securely and confidentially, protecting individuals’ rights and privacy.

At BC Platforms, we uphold these standards and are proud to deliver products aligning to these requirements:

Under the EU’s General Data Protection Regulation (GDPR), a data controller is the organization that determines the purposes and means of processing personal data. In other words, the data controller decides the how and why of a data processing operation. A data processor, on the other hand, is an organization that processes personal data on behalf of a data controller. Whether working as a data controller or a data processor, BC Platforms is committed to upholding the principles and requirements of GDPR across all of our operations. We implement appropriate technical and organizational measures to protect data and uphold the rights of data subjects. As a data processor, we only process personal data for specified, explicit and legitimate purposes as instructed by our clients and partners.

BC Platforms maintains comprehensive safeguards and protections to enable customers to freely and securely transfer personal data from the EU/EEA in compliance with the Schrems II ruling. Our solutions and cloud services adhere to the highest standards of data security for cross-border data transfers, and we maintain EU adequacy by adopting the full suite of standard contractual clauses and binding corporate rules for data exports.

The adequacy decision of July 10, 2023, on the EU-U.S. Data Privacy Framework covers data transfers from any public or private entity in the EEA to US companies participating in the EU-U.S. Data Privacy Framework. With the adoption of the adequacy decision, European entities are able to transfer personal data to participating companies in the United States without having to put in place the additional data protection safeguards required by the Schrems II ruling. The new UK-US Data Bridge brought similar developments for data transfers from the UK to the US.

Similar legislation on international data transfers exists in all countries where we, our customers, and our data partners operate. Therefore, it is all the more important to offer full transparency and auditability around data handling. BC Platforms continuously follows legislative developments around the world and evaluates and updates technical and organizational measures to identify and mitigate any potential risks to personal data.

Read more on safe and trusted EU-US data flows:

For more information on the Schrems II ruling read the European Court of Justice judgment:

Refer also to new developments in the UK-US data bridge:

For more information on the Personal Data Protection Act of Singapore, please see:

For more information on the Swiss Federal Act on Data Protection, read the following:

BC Platforms has the capacity to comply with all applicable standards and requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA) when needed. We have comprehensive policies and safeguards in place to ensure the privacy and security of PHI. Our systems are designed to limit PHI access only to authorized individuals who operate under strict confidentiality agreements. We conduct employee training on safe handling of PHI and our vendor management policies emphasize security and privacy in all parts of the supply chain. BC Platforms utilizes security controls like encryption and access logging to protect PHI against unauthorized use or disclosure. As per HIPAA guidelines, we have business associate agreements (BAAs) with our customers and partners as needed. We report any potential breach or disclosure of PHI as required by law. We remain transparent and accountable in our commitment to protecting sensitive patient health information.

Following the introduction of the US Food and Drug Administration’s policy for accepting real-world data (RWD) in addition to traditional clinical trial data in new drug applications, BC Platforms is committed to supporting access to RWD which can be used in support of submissions made under FDA regulations.

RWD planning should start early in a clinical development program and run alongside randomized clinical trial (RCT) activities. This ensures an optimal regulatory submission package with gold-standard RCT data strengthened by RWD for additional context around endpoints in clinical practice, under-represented populations, and long-term or rare events.

BC Platforms has capabilities for maintaining audit trails of data, starting from extracting RWD sources through maintenance and retention of dataset(s), including the tracking of user access, data changes, changes to the protocol, and analyses performed. The RWD and associated programming codes and algorithms are documented, well-annotated, and complete, allowing FDA to replicate the study analysis using the same dataset and analytic approach.

BC Platforms can provide solutions which fully comply with 21 CFR Part 11 regulations governing electronic records and signatures in pharmaceutical research. Our systems meet the FDA requirements for data integrity, audit trails, system security, and electronic signature controls. We enable customers to securely collect, analyze, and report clinical trial data per 21 CFR Part 11 standards.

BC Platforms upholds all regulations set forth by the European Medicines Agency (EMA) governing the processing and management of data related to medicinal products. We have robust information security systems and protocols in place to ensure the confidentiality and integrity of clinical trial data. Our platforms and solutions enable customers to comply with EMA standards for electronic records and signatures used in clinical trials.

BC Platforms maintains high quality systems validated per GAMP 5 guidelines that adhere to principles of data privacy, transparency and ethics established by EMA. We provide full audit trails and are committed to cooperation with inspections by EU authorities. Through our strong data governance policies and commitment to compliance, BC Platforms enables pharmaceutical clients to securely collect, process and submit clinical trial data to meet all EMA regulatory obligations.

BC Platforms is fully committed to complying with the U.S. Cloud Act which governs law enforcement access to data stored by cloud service providers. We have stringent policies and procedures in place to ensure that any requests we may receive from law enforcement entities for customer data are carefully validated and vetted for legal sufficiency. We only disclose customer data when compelled by court orders and notify affected customers as permitted by law.

Our cloud architecture provides logical separation of customer data to prevent unauthorized access. We use encryption technologies to secure sensitive data at rest and in transit. BC Platforms undergoes independent audits to verify our data security controls consistently meet or exceed Cloud Act requirements. We are transparent with our customers about our data handling practices. Through stringent controls and being fully accountable, BC Platforms helps customers globally leverage the cloud while adhering to the Cloud Act provisions regarding lawful access to data.

BC Platforms is fully committed to complying with the new EHDS guidance and will register as a data intermediary well before the 2025 deadline. Our project experience in Europe with initiatives such as HDR-UK and FinnGen positions us well for the EHDS federated approach.

See also:


What Makes Us Trustworthy

Your tools must be secure, compliant and highly available. We are committed to applying the best security and compliance standards for your data. Our solutions are built with scalability and availability in mind, so you can consistently embed security, maximize availability, and validate compliance.

BC Platforms’ solutions undergo industry-standard security audits on an annual basis. We are verified at the highest level, not only for our products and services, but also for our own internal security policies, processes and employees.


Our ISO 27001 certificate

Protecting your data at rest or in transit is our top priority

  • Product Security
    • Audit Logging
    • Role Based Access Controls
    • Authentication and Authorization
  • Corporate Security
    • Background Checks
    • Security Training
    • Vendor Management
    • Facilities Security
    • Business Continuity and Disaster Recovery Planning
  • Data Security
    • Data Encryption at Rest
    • Data Encryption in Motion
  • Application Security
    • Secure SDLC
    • Annual penetration testing

Our ISO 13485 certificate

BC Platforms follows an ISO 13485:2016 quality management system in all its operations. ISO 13485:2016 is a global quality standard which specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

BC Platforms’ ISO 13485 quality management system covers processes in all stages of its products’ life cycle, including design and development, production, storage and distribution, installation, and servicing, as well as design and development and provision of associated activities, such as technical support.

BC Platforms has been audited annually by Lloyd’s Register for Quality Assurance since 2016.


Since 2020, BC Platforms has been certified by the European Health Data and Evidence Network (EHDEN) for its knowledge on standardizing health data to the OMOP common data model and the installation of the technical infrastructure. For more information on EHDEN and the certification program, please visit:

OWASP Application Security Verification

As a part of its Information Security Management System, BC Platforms has a technical information security assessment program for all its product lines. The assessments include annual cyber security and vulnerability assessments and security testing according to the OWASP 10 ASVS Level 2 framework.
