SECURITY

ISO 27001 is a globally recognized standard that sets out the requirements for an information security management system (ISMS). The certification demonstrates that a company has implemented a robust framework of policies, procedures, and controls designed to protect sensitive information from unauthorized access, disclosure, or compromise. Achieving ISO 27001 certification requires a rigorous, independent assessment by an accredited certification body.

The scope of Evidence Prime's ISO 27001 certification covers all aspects of its operations, including software development, technical support, and hosting services. This comprehensive approach ensures that the company's systems and processes are designed to identify, manage, and mitigate risks to the confidentiality, integrity, and availability of its clients' information.

To maintain the ISO 27001 certification, Evidence Prime will undergo regular audits by an external certification body to ensure ongoing compliance with the standard. These audits will ensure the company continually improves its information security management system and adapts to emerging risks and technological advancements.

This certification not only reinforces Evidence Prime's dedication to information security but also positions the company as a trusted partner for organizations in various industries, including healthcare, research, and government. Clients and partners can confidently rely on Evidence Prime's solutions, knowing that their sensitive information is protected by internationally recognized security standards.

This certification is a testament to the company's multi-year efforts and substantial investments in security and compliance, ensuring that its flagship Laser AI system is the most secure option for customers in the industry.

The SOC-2 Type 2 certification is an independent audit conducted by a certified public accounting firm, which assesses a company's internal controls, security measures, and overall organizational compliance with the American Institute of Certified Public Accountants (AICPA) Trust Service Criteria. The certification validates that Evidence Prime's security protocols meet and exceed industry standards, providing clients with the confidence that their sensitive data is protected.

This latest achievement adds to the company's portfolio of security certifications. Evidence Prime is the only organization in the literature review automation space to have earned the prestigious ISO 27001 certification, FedRAMP li-SaaS authorization, and now the SOC-2 Type 2 certification. The combination of these certifications sets Evidence Prime apart from its competitors and underscores its commitment to data security and privacy.

The successful completion of the SOC-2 Type 2 audit demonstrates Evidence Prime's dedication to building a secure and compliant infrastructure, ultimately benefiting its clients through robust data protection, enhanced trust, and reduced risk. As a result, clients using the Laser AI system can rest assured that they are employing the safest and most secure solution for automating their literature reviews. The certification also includes the secure GRADEpro Enterprise, the company’s offer for institutions developing and publishing healthcare guidelines.

Laser AI can now be integrated securely and efficiently into federal customers’ workflows to accelerate their research. Evidence Prime’s initial partnering agency was the National Institutes of Health.

Laser AI is a cloud-based software platform that uses advanced machine learning techniques to automate and streamline the management of large volumes of scientific data. It speeds up the process of literature reviews, decreases its costs, and improves the quality by allowing overworked human specialists to focus on the essential elements and offload many of the repetitive tasks to the AI-enabled system. Laser AI’s security-by-design approach includes a secure cloud-native platform built using modern DevSecOps technologies, such as Kubernetes.

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. It helps the government rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and easily deployed cost-effective cloud-based solutions.