Trust & Security

Built for sponsor-grade scrutiny.
Auditable end-to-end.

YANA holds verified credentials, training records, and placement history for the clinical research workforce. We treat that data with the same rigor regulated sponsors apply to clinical systems.

Live compliance roadmap

Updated quarterly. Email trust@yanacareers.com for our DPA, sub-processor list, or audit summary letters.

Q-IAOCR Certified Trainer

Cert #16167194 — curriculum & assessment authority

Live

ICH-GCP E6(R3) alignment

Curriculum + assessment branches mapped to E6(R3) clauses

Live

GDPR + UK GDPR

DPA available · EU/UK data residency · DPO contact published

Live

Encryption at rest & in transit

AES-256 at rest · TLS 1.3 in transit · KMS-managed keys

Live

SSO / SAML 2.0

Okta, Microsoft Entra ID, Google Workspace

Live

SOC 2 Type II

Audit window opened Q2 2026 · readiness assessment complete

In progressReport Q4 2026

21 CFR Part 11 readiness

Audit trail, e-signature, system validation package for sponsor adoption

In progressQ3 2026

ISO 27001

Scoping started for global enterprise customers

Planned2027

HIPAA BAA

Available on request for US site network customers

Live

Penetration testing

Annual third-party pentest · summary letter on request

Live

Vulnerability disclosure

security@yanacareers.com · 90-day coordinated disclosure

Live

Request DPA / SOC 2 letter See integration security model

Built for sponsor-grade scrutiny. Auditable end-to-end.

Live compliance roadmap

Built for sponsor-grade scrutiny.
Auditable end-to-end.