Compliance

A higher standard. Quality Assured.

Ozette’s Quality Management System (QMS) ensures consistency, reliability, and excellence in operations across all facets of the organization. It is a structured framework that integrates quality principles into all of Ozette’s business processes. Our robust QMS is maintained by a dedicated Quality team with decades of industry expertise. It facilitates compliance with regulatory requirements and fosters continuous improvement, empowering teams to identify and address inefficiencies, mitigate risks, and enhance overall performance.

By establishing clear standards, protocols, and metrics for quality assurance, our QMS not only enhances product and service quality but also cultivates a culture of accountability and excellence.

Regulatory Affairs

Ozette is dedicated to ensuring our products meet or exceed applicable guidelines, standards, and regulations.

Current applicable guidelines, standards, and regulations implemented into Ozette’s QMS include:

21 CFR Parts 11, 50, 54, 56, 812, 820 (FDA)
29 CFR Part 1910 (OSHA)
45 CFR Part 164 (HIPAA)
Washington Administrative Code (WAC), Washington State Department of Labor & Industry
World Health Organization (WHO) Good Clinical Laboratory Practice (GCLP) Guideline, Division of AIDS (DAIDS) Good Clinical Laboratory Practice (GCLP) Guideline
ICH E6 Good Clinical Practice
GAMP5
IEC 62304
ISO 13485
ISO 14971
ISO 27001
ISO 9001
SOC 2
EU 2016/679 GDPR

Labeling:

US: Data provided by Ozette is for Investigational Use Only. The Performance Characteristics of the product have not been established.*

*Ozette software products have undergone software development lifecycle (SDLC) validation and analytical validation. The IUO designation refers to the regulatory status of the product and not to the completion of internal validation activities. Data provided by Ozette is not for use in diagnostic procedures.

EU/UK: Data provided by Ozette is for research use only, not for use in diagnostic procedures.

Information Security (IS)

Ozette’s IT infrastructure employs robust industry best practices to ensure the security, availability, processing, integrity, confidentiality, and privacy of customer data. We prioritize information security compliance by implementing encryption protocols, access controls, training, and regular security updates to mitigate potential risks and vulnerabilities.

Principles

Dedicated information security staff
Formal, documented security policies and procedures are reviewed for accuracy on a scheduled cadence
Company-wide training on security policies, procedures, including cybersecurity and HIPAA/GDPR
Strict security controls keep customer data completely separate and secure, and access to data is restricted to authorized personnel
Data is encrypted at rest and in transit
Network and wireless connections are regularly monitored and controlled.
Penetration tests and network scans are performed on a regular basis
Infrastructure is hosted by Amazon Web Services with best in class security features

Ozette is SOC 2 Type II certified for Security Trust Service Criteria. To review a copy of Ozette’s SOC 2 TypeII report please contact Quality@Ozette.com.

Continuous monitoring enables our organization to meet regulatory requirements and maintain the highest standards of data protection. Click the link below to see additional details on continuous monitoring of Ozette’s security infrastructure: https://app.drata.com/trust/96cf4f5c-4e08-4162-a69b-8bbe5a72e62a Ozette complies with all legal requirements for handling personally identifiable data including US HIPAA and EU/UK GDPR. Data Protection Officer (DPO): Contact dpo@ozette.com for all EU/UK patient/participant Right to Erasure, Right to Restrict Processing, Right to Data Portability, Right to Object requests. EU GDPR Representative: Osano International Compliance Services Limited ATTN: JYTM 3 Dublin Landings North Wall Quay Dublin 1 D01C4E0 UK GDPR Representative: Osano UK Compliance LTD ATTN: JYTM 42-46 Fountain Street Belfast Antrim BT1-5EF