Tenthpin Group is committed to providing efficient and high-quality services to our clients. We strive to ensure customer satisfaction while meeting all relevant statutory and regulatory compliance requirements of the Life Science industry.

Our Trust Center is here to help you understand the measures we take to ensure quality and information security in the services and solutions we provide.

Our commitment to quality and security

The Executive Board is committed to:

  • Delivering services that fully meet client requirements.
  • Providing the resources, training, and leadership needed to make quality everyone's responsibility.
  • Ensuring every employee understands their role in the Quality Management System and its impact on our success.
  • Proactively addressing risks, opportunities, and stakeholder expectations.
  • Continuously improving through objectives, audits, corrective actions, and management reviews, as governed by our Internal and External Audits Management SOP.

Certified quality and information security

Quality Management System

Our Quality Management System (QMS) ensures that customers get consistent, high-quality services and solutions.

It supports risk-based thinking and continuous improvement, embedding quality by default and by design into our operational and development processes.

Information Security Management System

Our Information Security Management System (ISMS), fully integrated with our QMS, enables us to:

  • systematically operate and maintain information security in our services and solutions, 
  • determine and apply the necessary security measures based on our risk evaluation.

Our integrated QMS and ISMS meet the full requirements of the international standards for quality management (ISO 9001:2015) and information security management (ISO/IEC 27001:2022), and have been externally certified by SQS, an independent accredited certification body.

Key elements of our QMS

We take the following steps to ensure the quality of our services and solutions: 

Quality and Operational Policies

At Tenthpin we understand that formal procedures, controls, and well-defined responsibilities need to be in place to ensure continued quality and information security. Key quality and operational Policies and SOPs (Standard Operating Procedures) are:

  • Quality Manual
  • Risk and Opportunity Management SOP
  • Incident Management SOP
  • Document and Record Management SOP
  • NC and CAPA Management SOP
  • Training Management SOP

Information Security Policies

A comprehensive set of security policies is in place and in use. These policies set out our information security objectives and our risk management strategy. Key information security Policies and SOPs (Standard Operating Procedures) are:

  • Information Security Policy
  • Acceptable Use Policy
  • Access Management SOP
  • AI Policy
  • Acceptable use of AI-enabled tools Policy
  • Business Continuity Policy

Enterprise Risk Management

We conduct regular risk assessments to evaluate risks and opportunities to the organization, our operations, and our solutions.

Rigorous Access Management

Access to our systems is managed through a documented procedure that covers requesting, granting, checking, and revoking access. All systems undergo periodic (at least once per year) access reviews. 

We adhere to the principle of least privilege, ensuring that employees have access only to the specific systems and data required for their roles. All access is strictly logged and monitored.

Our password policy follows current industry best practice, namely NIST Special Publication 800-63B, and is supported by centrally controlled SSO (Single Sign-On) and mandatory 2FA (two-factor authentication).
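What "following NIST SP 800-63B" means on the verifier side is more specific than the sentence above suggests, so here is an added example (not Tenthpin's code, and not a description of their implementation) of the checks 800-63B asks a memorized-secret verifier to make: a minimum of 8 characters for user-chosen secrets, acceptance of at least 64 characters, Unicode normalization before comparison, a blocklist of common, breached and context-specific values, a check for repetitive or sequential strings, no composition rules, and a cap of 100 consecutive failed attempts per account. The blocklist and the usernames are constructed sample data.

```python
"""Memorized-secret (password) verifier checks modelled on NIST SP 800-63B.

Added example, not Tenthpin code. Constants and the blocklist are assumptions
chosen to illustrate the 800-63B rules, not values taken from the page.
"""
import unicodedata

MIN_LEN = 8       # 800-63B: user-chosen memorized secrets SHALL be at least 8 characters
MAX_LEN = 128     # 800-63B: verifiers SHALL permit at least 64; we allow more

# Constructed sample blocklist of commonly used / previously breached values.
# A real deployment would query a large breach corpus (e.g. a k-anonymity API).
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "iloveyou", "welcome1"}


def normalize(secret: str) -> str:
    """NFKC-normalize so visually identical inputs compare and hash the same."""
    return unicodedata.normalize("NFKC", secret)


def is_repetitive(s: str) -> bool:
    """True for strings made of a single repeated character, e.g. 'aaaaaaaa'."""
    return len(s) > 0 and len(set(s)) == 1


def is_sequential(s: str) -> bool:
    """True when every step between neighbours is +1 or -1, e.g. '12345678', 'hgfedcba'."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_password(candidate: str, username: str = "", service_name: str = "") -> list:
    """Return a list of reason codes; an empty list means the secret is acceptable."""
    s = normalize(candidate)
    low = s.lower()
    reasons = []
    if len(s) < MIN_LEN:
        reasons.append("too_short")
    if len(s) > MAX_LEN:
        reasons.append("too_long")
    if low in BLOCKLIST:
        reasons.append("blocklisted")
    # Context-specific words (username, service name) are also to be rejected.
    if username and username.lower() in low:
        reasons.append("contains_username")
    if service_name and service_name.lower() in low:
        reasons.append("contains_service_name")
    if is_repetitive(s):
        reasons.append("repetitive")
    if is_sequential(s):
        reasons.append("sequential")
    # Deliberately no composition rules (uppercase/digit/symbol): 800-63B
    # says verifiers SHOULD NOT impose them, because they do not measurably help.
    return reasons


class FailedAttemptLimiter:
    """Cap consecutive failed attempts per account (800-63B: no more than 100)."""

    def __init__(self, max_failures: int = 100):
        self.max_failures = max_failures
        self._failures = {}

    def record_failure(self, account: str) -> None:
        self._failures[account] = self._failures.get(account, 0) + 1

    def record_success(self, account: str) -> None:
        # A successful login resets the consecutive-failure counter.
        self._failures.pop(account, None)

    def is_locked(self, account: str) -> bool:
        return self._failures.get(account, 0) >= self.max_failures


if __name__ == "__main__":
    for pw in ["correct horse battery staple", "password", "12345678", "alice-rocks-2024"]:
        print(f"{pw!r}: {check_password(pw, username='alice') or 'ok'}")
```

Note what is absent: no forced rotation, no password hints, no "one uppercase, one digit" rules. Those are the points where a policy that claims 800-63B alignment most often still diverges from it, and a client audit can check them directly against a verifier like this one.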

Human Resources Security

Every employee undergoes security awareness training during onboarding and on an ongoing basis.

All employees and subcontractors are required to sign a confidentiality agreement (NDA) to ensure the proper understanding of their responsibility.

Secure Tooling and IT Infrastructure Protection

We use only reputable solutions from vetted vendors.

An MDM (Mobile Device Management) system is in place to protect end-user devices and ensure compliance with internal security policies.

We follow industry best practices to encrypt data in transit and at rest.

All changes to the IT environment are managed through internal IT change processes.

A culture of Continuous Improvement

We continually strive to improve our operations. Our ongoing improvement cycle is based on inputs from:

  • Internal and external audits 
  • Identification of improvement areas 
  • Enterprise risk management

We are committed to eliminating non-conformities and preventing their recurrence.

At Tenthpin, quality is not just a standard – it’s a promise. Every service or solution we deliver is designed to fully meet client requirements, ensuring satisfaction and long-term trust.

Jakub Bryl

Global Head of Security and Compliance (CISO)

Jakub Bryl

Tenthpin Solutions: Enterprise-grade security for Life Sciences

Product Quality Assurance Framework

When we design, develop, and deploy our software solutions, we do so with quality and security in mind from the outset of the process.

Our Secure System Development Lifecycle is designed to support the creation of GxP-ready and HIPAA-compliant solutions.

In our process, we have successfully applied a risk-based approach and quality risk management. It enables us to maintain agility and meet rigorous deadlines while adhering to the stringent compliance requirements of the Life Science industry.

DevOps security as code

We use a DevOps approach that integrates software development and IT operations. This way, we can accelerate delivery timelines and improve system reliability. By embedding quality and security controls and compliance checks directly into the development lifecycle, DevOps ensures that quality, regulatory adherence, and risk mitigation are not compromised.

Software Development Security Controls in place include:

  • Security-by-design and privacy-by-design principles are integral to our software development processes.
  • The four-eyes principle increases code quality and security. All commits are subject to mandatory peer reviews.
  • Our software solutions undergo regular penetration testing (at least for each major release) executed by reputable, independent third-party security experts. These tests allow us to validate the effectiveness of our controls and quickly remediate any gaps.
  • All infrastructure access is strictly controlled and requires two-factor, multi-stage authentication.
  • Role-based access control allows for granular permissions for team members.
  • Our Production and Non-Production environments are segregated. We never use the client's production data for testing purposes.
  • Our solutions are regularly updated to maintain a current security posture.

Qualification is the foundation of trust

More than a regulatory requirement, qualification is the foundation of trust in every system you deploy across your Life Sciences operations. 

By weaving qualification into the software development lifecycle, Tenthpin enables your teams to embrace innovation without compromising compliance. This way, your digital infrastructure remains as robust and reliable as the therapies and technologies you deliver to patients.

Together, we can build a future where quality and speed go hand in hand, driving better outcomes across the Life Sciences industry.

Through our qualification framework, we aim to provide you with solutions that meet regulatory requirements while optimizing validation processes. Here’s what you can expect:

Compliant, GxP-ready software

Our software is fully qualified to meet GxP compliance and the requirements of other applicable regulations and standards (FDA 21 CFR Part 11, GDPR, EU AI Act, HIPAA). It is ready for regulated environments so you can focus on your operations without compliance concerns.

Comprehensive documentation

Each product comes with complete documentation outlining our quality assurance framework, providing you with validation and audit evidence.

Tailored qualification packages

Tenthpin offers customized qualification packages aligned with your requirements, including setup plans, test cases, manuals, and release notes. This way, your Life Sciences company is offered everything needed for efficient validation.

Continuous qualification for SaaS products

For SaaS, we partner with third-party experts to manage continuous qualification via their Cloud Service Qualification Platform, with regular reports enabling us to monitor the platform's qualified state.

Risk-managed solutions

Our risk-based approach identifies and addresses potential issues early, ensuring thoroughly tested, qualified products while minimizing validation effort and system failure risks.

Seamless integration with client validation

While you, as a client, remain responsible for final validation, our qualification processes are designed to integrate smoothly with your existing validation frameworks. This reduces your workload and ensures that our software supports your compliance objectives from the start.

Secure hosting

Our solutions are hosted in SAP or in Amazon Web Services datacenters (both meeting the requirements of ISO 27001, SOC 2 Type 2, HIPAA/HITECH, FedRAMP, and others).

From the first line of code to final deployment, our software solutions are built with security and privacy embedded – ensuring GxP and HIPAA compliance for our Life Sciences clients.

Jakub Bryl

Global Head of Security and Compliance (CISO)

Our commitment to Trustworthy AI

At Tenthpin, we use AI to:

Enhance client outcomes

Utilize AI to support more accurate insights, scenario modeling, and forecasting in order to deliver higher-value recommendations to clients.

Improve operational efficiency

Automate repetitive or time-consuming internal tasks (e.g., data collection, analysis, reporting) to allow consultants to focus on strategic, creative, and interpersonal work.

Enable scalable knowledge management

Use AI to systematically organize, retrieve, and leverage firm-wide knowledge, ensuring better reuse of intellectual capital and faster onboarding.

Our AI principles 

Tenthpin has adopted "3R" principles for the use, development, and provision of AI systems. "3R" stands for:

Responsible

Ensuring AI is developed and used ethically, fairly, transparently, and without harmful bias. This includes addressing privacy, security, explainability, and compliance with regulations.

Reliable

Building AI systems that perform consistently and accurately under various conditions, providing trustworthy results that businesses can depend on for critical operations.

Reproducible

Being able to trace, audit, and replicate the steps involved in developing and deploying an AI model, including data preparation, training, and decision-making processes. This is crucial for debugging, validation, compliance, and maintaining consistency.

Industry-recognized AI governance framework

Tenthpin developed an internal AI governance framework based on the ISO/IEC 42001 (AIMS, Artificial Intelligence Management System) and NIST guidelines. It enables us to design, develop, deploy, and utilize AI-powered solutions in a responsible, efficient, and secure manner.

Data privacy

Tenthpin is committed to processing personal data responsibly and in full compliance with applicable regulations around the world, including: 

  • Swiss Federal Act on Data Protection (FADP)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

Our privacy team oversees our data protection program and is available to assist customers with privacy inquiries. Please contact them at privacy@tenthpin.com.

Transparency

We are proud to comply with industry-standard security frameworks and regulations. We welcome client audits and due diligence reviews, offering full transparency into our processes and controls – because we believe trust is earned through openness.

If you are already our client:

For any due diligence questions or audit requests, please get in touch with us at security@tenthpin.com. We would be happy to provide more details about our processes and implemented controls to support your Security and Compliance teams.

If you are considering working with us:

Under an NDA, we can host an audit prior to the engagement. For any inquiries, please get in touch with your Tenthpin Partner.

Other Legal Info

Further resources

Access more information on our Privacy, Cookie, and Terms of Use policies below:

Privacy Policy

Cookie Policy

Terms of Use

We are a globally leading business and technology boutique consultancy for the Life Sciences industry. Our clients are leading companies from pharma, biotech, med tech, healthcare & animal health.

© 2025 Tenthpin AG | Illustrations by: www.till-lauer.ch