Tulip’s Compliance Program
Tulip’s cloud-native platform regularly undergoes internal and independent verification of its security, privacy, and compliance controls. Tulip has achieved certifications, attestations of compliance, and audit reports against globally recognized standards.
Tulip Compliance and Certifications
-
GDPR
The EU's General Data Protection Regulation and similar legal requirements in other jurisdictions outline strict protections for consumer data, prioritizing integrity and confidentiality and limiting how organizations can handle data. Our privacy policy contemplates GDPR and other applicable protections. We enter into data processing agreements with our customers, partners, vendors, and affiliates where appropriate.
-
GAMP5
Good Automated Manufacturing Practice (GAMP) 5 is a good practice guide that provides an approach to validating computerized (digital) systems in GxP industries that is pragmatic and rooted in risk-based thinking. Tulip has implemented aspects of this approach to manage our own software development so that our product can be seamlessly incorporated into your working environment.
-
ISO 9001:2015
ISO 9001 is an internationally recognized standard for Quality Management Systems (QMS). It is the most widely used QMS standard in the world, with over 1.1 million certificates issued to organizations in 178 countries. Tulip is certified to ISO 9001: 2015.
-
SOC 2 Type II
Developed by the American Institute of CPAs (AICPA), SOC 2 is the name of a report that can be provided by a certified auditing body to a service organization. SOC 2 defines controls around 5 target categories called trust service criteria: security, availability, processing integrity, confidentiality, and privacy. Tulip is compliant with applicable SOC 2 controls and maintains a SOC 2 report.
The Tulip Platform Compliance Offerings
-
FDA 21 CFR Part 11
21 CFR Part 11 regulates the use of electronic records and electronic signatures for some regulated industries. Tulip offers features and capabilities that allow customers to comply with FDA 21 CFR Part 11.
-
EU GMP Annex 11
Annex 11 in one of several guidelines supporting the rules governing the manufacture of medicinal products in the EU. The focus is to ensure that when digital tools are used in the manufacturing space that there is no increased risk. The scope of Annex 11 goes beyond electronic records and signatures. Tulip offers features and capabilities that enable customers to comply with EU GMP Annex 11.
-
ITAR
The International Traffic in Arms Regulations (ITAR) controls the manufacture, sale, and distribution of products and services appearing on the United States Munitions List. Tulip offers deployment using AWS GovCloud (US).
-
EAR
The US Export Administration Regulations (EAR) applies to dual-use items, which are available both for commercial sales and government use. Tulip offers deployment using AWS GovCloud (US).
Tulip includes features and capabilities to streamline compliance
Tulip’s platform features capabilities that enable and streamline compliance, including review by exception, alerts, edge connectivity, and backward and forward traceability.
-
Automatic Attributability
Automatically capture data for all your regulated use cases such as batch records, device records, equipment logs, etc.
-
Right-the-First-Time
Reduce missing or incorrect information with guidance, verifications, and connected devices.
-
Deploy in hands-free environments
Use Tulip with wearable headsets, vision camera, and foot pedals in a lab or cleanroom
Digitally Transform Your Operations with Tulip
Learn more about Tulip Platform’s GxP Ready Features.