Protecting Customer Intellectual Property (IP)
At Sai Life Sciences, Intellectual Property is valued higher than a tangible asset. Restriction via access control (physical and logical), use of advanced security solutions, and information management controls ensure our customers’ IP is safe with us.
Guiding principle for Sai's IP Policy
- All IP generated during the course of the project belongs to the customer.
- Structural advantages:
Pure play CRO-CDMO – no conflict
- Leadership commitment
- ISO 27001:2013 certified
Key HR Measures
- Prior to Hiring: Multiple interviews to assess candidate’s suitability, including independent HR assessment, and Candidate Profile Analysis through Thomas Profiling for mid and senior level.
- Background Check: Verification of details provided by the candidate at the time of application. This includes address check, reference check with former employers and verification of academic qualification.
- On boarding: Conveying key SOPs and business requirements to candidates during the induction process; signing of confidentiality agreement as part of acceptance of job offer, and training on IP and confidentiality.
- Ongoing: Refresher training on security practices and IT security SOP, continuous communication on latest security practices and upgrades, and focus on employee retention
- Employee Exit: Employee information handover is mandatory during exit process; all logins and sign-ons automatically disabled on exit, signing of general release & confidentiality at exit, and reiteration of confidentiality clause to the employee by HR.
- Legal Review: Confidentiality agreement validity verified by leading legal firm, validity of confidentiality upheld by local country legal system
- Confidentiality Agreement validity verified by Tier 1 Indian Legal firm, validity of Confidentiality upheld by Indian legal system
Information / Cyber Security Controls
Information Security Council formed to drive Information Security Management System (ISMS) incorporating Information Security in Organization’s culture inline with ISO 27001:2013
All information from client and project related artifacts treated “Confidential”.
Web Access: As a standard practice access to internet websites is protected for employees.
Email Control: All employees (except specific roles that require external interaction) are not allowed to send emails outside the Sai domain, hence preventing leakage of information.
Mass Storage: Standard controls like blocking of mass storage devices, USB ports are enforced.
Policy & Training: Policies are enforced, continuously improved and associated training conducted.
GxP Computerized Systems: USFDA 21 CFR Part11, EU Vol4 Annex 11 regulations and ISPE GAMP5, ICH guidelines followed applying necessary controls on GxP computerized systems used in R&D and Manufacturing facilities.
Data Management: Physical and logical segregation of customer data at application and server level (as needed)
Data Centre with redundancy: We have full application Image & Data Backup, which can be restored at alternate location for critical applications.
Dedicated work area, Restricted access & Segregated networks (as needed)
Printing and Photo-copying control
Key technology attributes that make Sai’s IT Information Systems secure & robust
Strong focus on:
- Network Security
- IT Infrastructure Security
- Application Security
- E-Mail Security
- OT Security
- Physical Security