SECURITY
Haversac’s designers, builders, and systems operators specialize in the heavily regulated healthcare information environment, and security and data back-up robustly exceeds pharmaceutical industry requirements.
Haversac computer system and servers meet or exceed the applicable FDA Electronic Systems Federal Regulations 21 CFR 11, 21 CFR 211, 21 CFR 820, and GPSV. This includes the electronic signatures, electronic equipment, and design control provisions. A rigorous software development life cycle (SDLC) loop of investigation, analysis, design, environment progression, testing, training and transition, operations and maintenance, and evaluation of outcomes governs the Haversac design.
Haversac systems and data servers are secured in facilities certified under the ANSI/TIA-942, ASHRAE, NFPA standards. These locations undergo rigorous annual assessments by Quality Security Assessors (QSA); an independent auditor. Compliance certifications include: HIPAA / HITECH Security Rule, FDA, Federal Information Security Management Act (FISMA), SOC 1 Type 2, SOC 2 Type 2 and SOC 3, and Certified Level 1 Service Provider under PCI DSS.
Physical systems security includes biometric fingerprint readers, card/PIN access, combination lock server cabinets, 24/7/365 security guards, 24/7/365 monitored video surveillance, alarmed and monitored perimeter doors, visitor sign-in and visitor verification via driver’s license scanning.
Primary facility servers are replicated and synchronized to secondary facility servers, so in the unlikely event that the primary facility fails, all operations fail-over to the secondary facility. Snapshots of the Haversac systems are taken on an hourly basis. Haversac system and data server facilities have tested storm and emergency preparedness plans and multi-faced recovery plans in place to help minimize service disruptions and ensure continued operations.