Tulip Trust Center

Trust isn’t built by words or a single control. It’s achieved through a comprehensive, integrated controls framework that provides a trusted foundation for continuous transformation.

Compliance
Security
Availability & Reliability

Tulip Compliance and Certifications

Tulip’s cloud-native platform regularly undergoes internal and independent verification of its security, privacy, and compliance controls. Tulip has achieved certifications, attestations of compliance, and audit reports against globally recognized standards.

  • FedRAMP

    Tulip offers hosting on AWS GovCloud infrastructure, which adheres to security controls for FedRAMP. We are implementing controls to comply with FedRAMP, with the expected achievement of moderate equivalency in early 2026.

    Our FedRAMP Rules of Behavior for External Users can be found here.

  • GDPR

    Our privacy policy contemplates GDPR and other applicable protections. We enter into data processing agreements with our customers, partners, vendors, and affiliates where appropriate.

  • ISO 9001:2015

    Tulip is certified to ISO 9001: 2015.

  • SOC 2 Type II

    Tulip is compliant with applicable SOC 2 controls and maintains a SOC 2 report.

We undergo regular third-party audits to ensure compliance, including FedRAMP IAW NIST 800-53 Rev. 5, ISO 9001, SOC 2 Type II, penetration tests, and internal security audits, thereby meeting industry-specific requirements and continuously improving our security posture.

See our security practices →

Regulations Tulip Can Help You Comply With

Tulip helps manufacturers comply with key industry regulations, standards, and quality frameworks. Our platform provides robust capabilities for data integrity, audit trails, electronic signatures, and real-time monitoring. This enables manufacturers to confidently meet industry standards and comply with strict regulatory requirements.

  • FDA 21 CFR Part 11

    21 CFR Part 11 regulates the use of electronic records and electronic signatures for some regulated industries. Tulip offers features and capabilities that allow customers to comply with FDA 21 CFR Part 11.

  • EU GMP Annex 11

    Annex 11 in one of several rules governing the manufacture of medicinal products in the EU. The focus is to ensure that when digital tools are used in the manufacturing space that there is no increased risk.

  • EudraLex Volume 4

    EudraLex Volume 4 outlines the Good Manufacturing Practice (GMP) guidelines for the manufacturing of medicinal products within the European Union. Tulip provides features that help ensure traceability, quality control, and regulatory compliance.

  • 21 CFR Part 210/211

    21 CFR Parts 210 and 211 focuses on ensuring the quality and safety of pharmaceutical products. Tulip provides features that enable real-time monitoring, data integrity, and process automation.

  • ISO 13485

    ISO 13485 specifies the requirements for a quality management system in the design and manufacture of medical devices. Tulip provides manufacturers with a flexible, scalable solution that enables accurate data collection, real-time monitoring, and traceability.

  • 21 CFR Part 820

    21 CFR Part 820 governs the quality system regulations for medical devices in the United States, ensuring that manufacturers meet product quality standards. Tulip enables streamlined process control, documentation management, and traceability of production processes.

  • ITAR

    The International Traffic in Arms Regulations (ITAR) controls the manufacture, sale, and distribution of products and services appearing on the United States Munitions List. Tulip offers deployment using AWS GovCloud (US).

  • EAR

    The US Export Administration Regulations (EAR) applies to dual-use items, which are available both for commercial sales and government use. Tulip offers deployment using AWS GovCloud (US).

  • AS9100

    AS9100 is a quality management system standard specifically designed for the aerospace industry, incorporating ISO 9001 requirements with additional focus on safety, reliability, and regulatory compliance.

Streamline compliance with human-centric apps

Tulip’s platform features capabilities that enable and streamline compliance, including review by exception, alerts, edge connectivity, and backward and forward traceability.

Learn more about the Tulip Platform
Security Governance and Compliance Illustration Horizontal

  • Automatic Attributability

    Automatically capture data for all your regulated use cases such as batch records, device records, equipment logs, etc.

  • Right-the-First-Time

    Reduce missing or incorrect information with guidance, verifications, and connected devices.

  • Real-time Visibility

    Prevent issues and respond quickly with real-time incident and deviation tracking.

Digitally Transform Your Operations with Tulip

Learn more about Tulip Platform’s GxP Ready Features.

Schedule a Demo
Day in the life CTA illustration