Security

Ensuring Data Protection in Clinical Trials

Security is a critical component of a Clinical Trial Management System (CTMS) due to the sensitive nature of clinical trial data, including patient information, proprietary study protocols, and regulatory documents. e-FORM incorporates the following security measures:

  • Role-Based Access Control (RBAC)
  • One-Time Password (OTP) wherever required
  • Strong passwords (configurable)
  • Two-Factor Authentication (2FA)
  • Maximum number of failed logins
  • Periodic password renewal
  • Password history
  • Password protection (SALT+SHA)
  • Data encryption in transit using TLS/SSL
  • Data encryption at rest for personal data
  • Event log
  • Session timeout
  • IP whitelist
  • Audit trail
  • Data validation
  • Data integrity check of submitted data
  • Nonconforming data logger
  • Protection against SQL Injection
  • Protection against Cross-Site Scripting (XSS)
  • Protection against Cross-Site Request Forgery (CSRF)
  • File upload control
  • Adherence to standards like GDPR and 21 CFR Part 11
  • Real-time security monitoring and alerting
  • Configurable Security Level

Penetration test

A penetration test is a simulated cyberattack on a website to identify vulnerabilities that malicious attackers could exploit. The primary goal is to evaluate the security posture of the site and provide actionable insights to strengthen its defenses.
e-FORM has successfully passed a penetration test performed by a certified, specialized third-party security firm.