
Compliance

Gpi USA takes pride in the quality and security of our software products. To ensure that we meet the highest industry standards, we have obtained a number of compliance licenses and certifications.

e-Delphyn Suite is 510(k)-cleared as a medical device by the U.S. Food and Drug Administration.

Additionally, we hold the following licenses and certifications.

LICENSES


International Council for Commonality in Blood Bank Automation (ICCBBA)

ICCBBA is an international non-state actor in official relations with the World Health Organization (WHO) that manages, develops, and licenses ISBT 128.

The mission of ICCBBA is to improve patient safety through standardization of the way critical information is carried on labels of Medical Products of Human Origin (MPHO).

Information Standard for Blood and Transplant (ISBT)

ISBT 128 provides international consistency to support the transfer, transfusion, or transplantation of medical products of human origin, by encoding information in a manner that allows the information to be transferred from one computer system to another in a way that is unambiguous and accurate. The acronym ISBT was originally derived from the important role played by the International Society of Blood Transfusion in the development of the standard. Today it expands as Information Standard for Blood and Transplant. The number 128 reflects the 128 characters of the ISO/IEC 646 7-bit character set.

CYBERSECURITY

Gpi USA has achieved SOC 2 Type I & II reports against stringent standards

The Assurance Services Executive Committee of the AICPA developed the criteria against which SOC 2 compliance is measured.

System and Organization Controls (SOC) 2 Audits

Gpi USA uses enterprise-grade best practices to protect our customers’ data and works with independent experts to verify its security, privacy, and compliance controls. It has achieved SOC 2 Type I & II reports against stringent standards.

Continuous Security Control Monitoring

Gpi USA uses Drata’s automation platform to continuously monitor 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allow Gpi USA to confidently prove its security and compliance posture any day of the year while fostering a security-first mindset and culture of compliance across the organization.

Employee Training

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests

Gpi USA works with industry-leading security firms to perform annual network and application layer penetration tests.

Secure Software Development

Gpi USA utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption

Data is encrypted both in transit using TLS and at rest.

Vulnerability Disclosure Program

If you believe you’ve discovered a bug in Gpi USA security, please get in touch with infosec@gpiusa.com. Our security team promptly investigates all reported issues.

Independent auditor Sensiba San Filippo, LLP (SSF) objectively certifies our controls to ensure the continuous security of our customers’ data.

  • SOC 2 Type II
    • A SOC 2 Type II report describes a service organization’s systems and whether the design of specified controls meets the relevant trust services categories and assesses the effectiveness of those controls over a specified period of time. Gpi USA’s SOC 2 Type II report had no noted exceptions and therefore was issued with a “clean” audit opinion from SSF.
  • SOC 2 Type I
    • SOC 2 Type I compliance evaluates an organization’s cybersecurity controls at a single point in time. The goal is to determine whether the internal controls put in place to safeguard customer data are sufficient and designed correctly.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.


WORKPLACE CULTURE

Great Place to Work Certification recognizes employers who create an outstanding employee experience. Our certification is a testament to our aspirations as a company. In addition to striving to deliver exceptional experiences for our customers, Gpi USA aims to ensure that our work family and our communities thrive, and we achieve this by capitalizing on our employees’ diverse experiences and backgrounds.