Beghou’s commitment to best-in-class technology and data security

We offer life sciences companies best-in-class technology platforms to help maximize performance across their portfolios. Through the implementation of robust policies and processes, we prioritize the security and privacy of our technology platforms and the data within these platforms.  

We maintain a comprehensive set of standard operating procedures (SOPs) and undergo annual SOC1/2 Type II, CCPA, GDPR and HIPAA assessments to gauge the adherence to those SOPs.  

Privacy and Information Security 

Our dedicated Governance, Risk and Compliance team oversees the firm’s security practices, including internal and client-facing systems and products. We partner with third parties on an ongoing basis to assess our security controls and procedures and stay on top of new security and compliance needs.  

We understand the nuances of data privacy regulations and strictly adhere to legal and regulatory requirements, including HIPPA, GDPR and CCPA.  We have procedures for proper handling of personal information, including proper data storage and deletion, and handling consumer rights requests and notification procedures. Employees receive mandatory training covering secure data handling and undergo background and exclusion checks as required.  

More details may be found in Beghou’s Privacy Policy 

Data Governance 

We protect our clients’ sensitive data by following industry best practices and working closely with clients to understand and implement solutions that meet or exceed their security requirements.  We understand the complexities of our industry’s data as we’ve closely managed life sciences companies’ data for more than three decades. We have extensive experience implementing data management and processing procedures based on the sensitivity of each data set.  

We understand that our clients must abide by vendor data agreements. With a strong background in the life sciences industry, we have an apt understanding of these agreements and ensure our clients maintain compliance with their data vendors. 

Security 

We implement comprehensive practices to protect systems and data. We configure infrastructure and resources following provider reference architecture and security best practices.   

Our multifaceted approach to security includes:  

  • Firewalls and VPNs 
  • Strong access controls using least privileged access, SSO and MFA, and per user role assignments  
  • Data encryption in transit and at rest 
  • Isolated client systems and data 
  • Network isolation with available IP restrictions 
  • Vaulting of keys and secrets 
  • Logging and monitoring 

PHI and GDPR Sensitive data is restricted to separate high-security environments with additional access and data transfer restrictions and monitoring.    

We also undergo annual third-party vulnerability and penetration testing for our networks and products. 

Availability and Resiliency  

Through a combination of private and public cloud infrastructure, we provide 99.9% system availability. Our technology platforms contain built-in redundancies at all levels and are monitored and protected to avoid downtime or business disruption. We retain daily, weekly and monthly incremental backups in case of accidental deletion and may provide longer-term data archives based on client need. 

We maintain geographically diverse infrastructure and data replication. Disaster recovery and incident response procedures allow rapid recovery to avoid business disruption. Our disaster recovery time objective (RTO) is 24 hours or less with a recovery point objective (RPO) of under 12 hours.  

Software Development Lifecycle  

We follow common industry software development practices. We maintain separate non-production environments and follow change management procedures requiring testing and approvals before deploying to production. We utilize version control to track, review, approve and deploy all code changes. 

Standard Operating Procedures 

We continually review and evolve SOPs to ensure the below industry-strength standards: 

  • HIPAA Compliance Risk Analysis 
  • Incident Response 
  • Breach Management 
  • Sanctions Policy 
  • Software Development Life Cycle  
  • IT Change Management 
  • Patch Management 
  • Asset Inventory Management 
  • Asset Disposal and Destruction 
  • Workstation Security and Password Management 
  • Security Monitoring and Assessment 
  • Security Awareness Training 
  • Facility Access Management 
  • Data Privacy and Security 
  • Data Classification and Handling 
  • Data Encryption Management 
  • Backup and Restore 
  • Disaster Recovery

Questions? 

To learn more about our technology standards or request a demo of our technology platforms, contact us at info@beghouconsulting.com. 

To learn more about commitment to ethical business practices, review our environmental, social and governance standards