Home Trust Center Trust Center – Ascentry Cloud (Validation Manager)

Laboratory technician reviewing test data on a computer beside advanced diagnostic analyzers in a modern clinical lab.

Enterprise-grade security for cloud-based verifications and validations

Validation Manager is developed and operated by Ascentry Finland under an ISO/IEC 27001:2022 certified Information Security Management System.

Our cloud platform protects your sensitive validation data while delivering the reliability and performance your laboratory depends on.

The certification applies to the management system of the legal entity. It does not certify the product itself.

ISO/IEC 27001:2022

Certified information security management system

At the heart of Validation Manager’s security is our Information Security Management System (ISMS), operated by Ascentry Finland (Finbiosoft Oy) and certified to ISO/IEC 27001:2022. This establishes the foundational principles guiding our operations.

All our employees, contractors, and partners operate within this framework, emphasizing vigilance and security. As digital threats continually evolve, we prioritize your security, enabling you to conduct business confidently.

ISO/IEC 27001:2022 certification applies to the ISMS of Finbiosoft Oy (Ascentry Finland). It does not certify the product itself.

Read more about ISO/IEC 27001:2022
Download our ISO/IEC 27001:2022 certificate

Why ISO/IEC 27001:2022 matters

ISO/IEC 27001:2022 provides a comprehensive, internationally recognized approach to information security. Aligning our Information Security Management System (ISMS) with this standard ensures that we consistently establish, maintain, and improve the processes that protect your data and secure your diagnostic workflows.

External audits

The ISMS operated by Ascentry Finland is subject to regular independent audits by independent accredited certification bodies. These external reviews verify our compliance with ISO/IEC 27001:2022 requirements and validate that we follow global best practices — ensuring top-level security wherever we operate.

 

ASVS OWASP

Application security verification

Our commitment to security goes beyond just our operations — it’s integral to our products. Validation Manager meets the stringent ASVS OWASP criteria, demonstrating our product’s cybersecurity posture through independent security assessment.

Validation Manager is developed, tested, and maintained according to ASVS OWASP criteria, providing our clients with assurance that our product is secured against known vulnerabilities. Independent security assessments verify our adherence to these standards.

Read more about OWASP Application Security Verification Standard (ASVS)
Download our latest Security Assessment Attestation

Continuous validation

Regular penetration testing by independent security experts verifies our technical security controls remain effective against real-world attack scenarios. These ongoing assessments complement our development security practices and provide continuous verification of our defenses.

 

What is ASVS OWASP

The Application Security Verification Standard (ASVS) by OWASP provides a comprehensive framework for testing the security of web applications. Validation Manager is developed, tested, and maintained according to ASVS OWASP criteria, providing assurance that our product is secured against known vulnerabilities.

ASVS OWASP is a security verification framework, not a certification program. Our attestation demonstrates independent third-party verification of security controls.

 

 

Physical security and infrastructure

Our service infrastructure is hosted on Microsoft’s Azure cloud platform. Azure provides highly secure services, building on high security from the ground up.

Azure’s adherence to the strict security controls contained in these standards is verified by rigorous third-party audits that demonstrate Azure services work with and meet world-class industry standards, certifications, attestations, and authorizations.

Ascentry Cloud can be deployed in US-based Azure data centers for US customers, and in European (EU) Azure data centers for customers in other regions, depending on customer requirements and service configuration.

Read more about Azure compliance documentation

Azure cloud platform – Built on enterprise security

Azure servers are hosted at facilities compliant with FedRAMP, ISO/IEC 27001, SOC 1 (SSAE 18/ISAE 3402), SOC 2, CFR Title 21 Part 11, and HIPAA.

 

 

Data privacy and GDPR compliance

We prioritize the privacy and protection of personal data. Respecting the rights of individuals and safeguarding their personal information is fundamental to our operations. Ensuring data privacy is not just about compliance for us; it’s about building and maintaining the trust of our users and partners. We adhere strictly to the General Data Protection Regulation (GDPR) requirements, ensuring that:

  • 1

    Consent and transparency

    Before collecting any personal data, we obtain clear and informed consent. We ensure that our users understand why and how their data will be used.

     

  • 2

    Data minimization

    We only collect the data necessary for our services, ensuring it is relevant and limited to what is essential.

     

  • 3

    Right to access and erasure

    Individuals have the right to access their personal data and request its deletion. We’ve streamlined processes to address these requests promptly.

     

  • 4

    Data protection

    With stringent security measures, we ensure the safety and integrity of personal data against breaches and unauthorized access.

     

  • 5

    Continuous review

    Regular audits and reviews are conducted to ensure our data handling practices remain compliant and updated with the GDPR standards.

     

Have questions about Validation Manager security?

Please contact us to get help with your questions regarding the safety and security of our products and operations.

Contact us