GxP Compliance Policy
Introduction
At Thru, we are committed to ensuring our Managed File Transfer (MFT) solutions meet the stringent requirements of Good Practice (GxP) regulations, including Good Manufacturing Practice (GMP), Good Clinical Practice (GCP), and Good Laboratory Practice (GLP).
As a trusted partner to regulated industries, we maintain a robust quality management system and implement comprehensive measures to ensure data integrity, system validation, and regulatory compliance throughout our product lifecycle.
Data Integrity and Security
Our MFT solution employs industry-leading security controls, including encryption, access controls, and audit trails, to safeguard the confidentiality, integrity, and availability of GxP data during transfer and storage.
System Validation
We follow a rigorous validation process, including Installation Qualification (IQ), Operational Qualification (OQ), and Performance Qualification (PQ), to ensure our MFT solution operates as intended.
Change Control and Configuration Management
All changes to our MFT solution, including software updates and configuration changes, undergo strict change control processes to ensure traceability, risk assessment, and regulatory compliance.
Supplier and Subcontractor Management
We maintain a comprehensive supplier and subcontractor evaluation and qualification program to ensure the quality and compliance of all products and services integrated into our MFT solution.
Proactive & Continuous Testing
Thru employs frequent penetration tests across environments to validate security posture, audit configurations, and identify risks. Daily automated scans run by internal teams cover external-facing assets to detect network and application changes that expand attack surfaces and vulnerabilities. We complement regular static and dynamic analyses with annual assessments from accredited third-party agencies.
Incident Management and Corrective/Preventive Actions
We maintain robust incident management processes, including root cause analysis and corrective/preventive action plans, to address any deviations, non-conformances, or potential quality issues proactively.
Conclusion
We continuously review and update this policy to ensure ongoing compliance with evolving GxP regulations and industry best practices.
For any GxP compliance-related inquiries or concerns, please contact our Security Operations team at secops@thruinc.com