Compliance You Can Trust

5thPort delivers a transparent, traceable environment aligned with global regulatory frameworks.

Our information security posture is driven by well-documented security and quality protocols. Every member of the 5thPort team completes annual information security training, and all system updates or changes undergo a formal validation process. As a result, the platform operates in a continuous state of validation, supporting ongoing system integrity efforts.

Below, we detail how 5thPort aligns with key regulatory and security frameworks, including SOC 2 Type II, HIPAA, FDA 21 CFR Part 11, ICH-GCP, and EudraLex Annex 11.

A-LIGN SOC 2 - 5thPort Certificate

SOC 2 Type II Certification

5thPort is SOC 2 Type II certified and has completed its annual SOC 2 Type II audit, conducted by an independent external auditing firm.

Our SOC 2 Type II certification reflects alignment with the five Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA):

  1. Security
  2. Availability
  3. Processing integrity
  4. Confidentiality
  5. Privacy

HIPAA 

5thPort safeguards Protected Health Information (PHI) with enterprise-grade security controls. We do this through encryption of data in transit and at rest, granular user permissions, and continuous monitoring to protect patient data whilst supporting organizational compliance with U.S. privacy and security regulations.

Logo depicting that 5thPort's eConsent software is HIPAA compliant.
Logo depicting that 5thPort is FDA CFR Part 11 compliant.

FDA 21 CFR Part 11

5thPort complies with FDA 21 CFR Part 11 requirements for electronic records and electronic signatures. Every digital consent and signature is securely authenticated, time-stamped, and linked to an auditable record, ensuring data integrity and legal equivalence to paper documentation through validated system controls and tamper-evident tracking.

Good Clinical Practice (ICH-GCP) 

5thPort aligns with International Council for Harmonisation – Good Clinical Practice (ICH-GCP) principles, which establish global standards for the ethical conduct of clinical research involving human participants. The platform ensures that patients provide informed consent or approval before being enrolled in a patient engagement plan, standardizes consent documentation, and maintains full traceability throughout the engagement lifecycle. By enabling real-time documentation and audit-ready records, 5thPort supports sponsors and sites in meeting ICH-GCP expectations for ethical oversight, participant protection, and data integrity.

Logo depicting that 5thPort is GCP compliant.
Logo depicting that 5thPort's eConsent software is Eudralex Annex 11 compliant.

EudraLex Annex 11

For organizations operating in the European Union (EU) or under European Medicines Agency’s (EMA) oversight, 5thPort adheres to Annex 11 requirements for computerized systems. Our validated infrastructure includes controlled access, audit trails, and change-control documentation to maintain data reliability and compliance throughout the clinical lifecycle.

See how 5thPort meets your patient education needs.