Tulip Compliance and Certifications
Tulip’s cloud-native platform regularly undergoes internal and independent verification of its security, privacy, and compliance controls. Tulip has achieved certifications, attestations of compliance, and audit reports against globally recognized standards.
-
GDPR
The EU's General Data Protection Regulation and similar legal requirements in other jurisdictions outline strict protections for consumer data, prioritizing integrity and confidentiality and limiting how organizations can handle data. Our privacy policy contemplates GDPR and other applicable protections. We enter into data processing agreements with our customers, partners, vendors, and affiliates where appropriate.
-
GAMP5
Good Automated Manufacturing Practice (GAMP) 5 is a baselineguide that provides an approach to validating computerized (digital) systems in GxP industries that is pragmatic and rooted in risk-based thinking. Tulip has implemented aspects of this approach to manage our own software development so that our documentation can be used to support GxP validation needs and the Tulip product can be seamlessly incorporated into your working environment.
-
ISO 9001:2015
ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS). It is the most widely used QMS standard in the world, with over 1.1 million certificates issued to organizations in 178 countries. Tulip is certified to ISO 9001: 2015.
-
SOC 2 Type II
Developed by the American Institute of CPAs (AICPA), SOC 2 is the name of a report that can be provided by a certified auditing body to a service organization. SOC 2 defines controls around 5 target categories called trust service criteria: security, availability, processing integrity, confidentiality, and privacy. Tulip is compliant with applicable SOC 2 controls and maintains a SOC 2 report.
Regulations Tulip Can Help You Comply With
Tulip helps manufacturers comply with key industry regulations, standards, and quality frameworks. Our platform provides robust capabilities for data integrity, audit trails, electronic signatures, and real-time monitoring. This enables manufacturers to confidently meet industry standards and comply with strict regulatory requirements.
-
FDA 21 CFR Part 11
21 CFR Part 11 regulates the use of electronic records and electronic signatures for some regulated industries. Tulip offers features and capabilities that allow customers to comply with FDA 21 CFR Part 11.
-
EU GMP Annex 11
Annex 11 in one of several rules governing the manufacture of medicinal products in the EU. The focus is to ensure that when digital tools are used in the manufacturing space that there is no increased risk.
-
EudraLex Volume 4
EudraLex Volume 4 outlines the Good Manufacturing Practice (GMP) guidelines for the manufacturing of medicinal products within the European Union. Tulip provides features that help ensure traceability, quality control, and regulatory compliance.
-
21 CFR Part 210/211
21 CFR Parts 210 and 211 focuses on ensuring the quality and safety of pharmaceutical products. Tulip provides features that enable real-time monitoring, data integrity, and process automation.
-
ISO 13485
ISO 13485 specifies the requirements for a quality management system in the design and manufacture of medical devices. Tulip provides manufacturers with a flexible, scalable solution that enables accurate data collection, real-time monitoring, and traceability.
-
21 CFR Part 820
21 CFR Part 820 governs the quality system regulations for medical devices in the United States, ensuring that manufacturers meet product quality standards. Tulip enables streamlined process control, documentation management, and traceability of production processes.
-
ITAR
The International Traffic in Arms Regulations (ITAR) controls the manufacture, sale, and distribution of products and services appearing on the United States Munitions List. Tulip offers deployment using AWS GovCloud (US).
-
EAR
The US Export Administration Regulations (EAR) applies to dual-use items, which are available both for commercial sales and government use. Tulip offers deployment using AWS GovCloud (US).
-
AS9100
AS9100 is a quality management system standard specifically designed for the aerospace industry, incorporating ISO 9001 requirements with additional focus on safety, reliability, and regulatory compliance.
Security and Privacy Framework
Tulip prioritizes data security and privacy by adhering to SOC 2 and GDPR frameworks. All data is encrypted both in transit and at rest to ensure maximum protection. Our development lifecycle addresses security concerns from the start, and we continuously monitor for vulnerabilities, intrusions, and unusual activity to keep your data safe.
Streamline compliance with Tulip apps
Tulip’s platform features capabilities that enable and streamline compliance, including review by exception, alerts, edge connectivity, and backward and forward traceability.
-
Automatic Attributability
Automatically capture data for all your regulated use cases such as batch records, device records, equipment logs, etc.
-
Right-the-First-Time
Reduce missing or incorrect information with guidance, verifications, and connected devices.
-
Real-time Visibility
Prevent issues and respond quickly with real-time incident and deviation tracking.
Digitally Transform Your Operations with Tulip
Learn more about Tulip Platform’s GxP Ready Features.