By establishing clear standards, protocols, and metrics for quality assurance, our QMS not only enhances product and service quality but also cultivates a culture of accountability and excellence. It is maintained by a dedicated Quality team with decades of industry expertise, facilitates compliance with regulatory requirements, and fosters continuous improvement.

Regulatory Affairs

Ozette is dedicated to ensuring our products meet or exceed applicable guidelines, standards, and regulations. Current applicable guidelines, standards, and regulations implemented into Ozette's QMS include:

21 CFR Parts 11, 50, 54, 56, 812, 820 (FDA)
29 CFR Part 1910 (OSHA)
45 CFR Part 164 (HIPAA)
Washington Administrative Code (WAC), WA Dept. of Labor & Industry
WHO GCLP & DAIDS GCLP Guidelines
ICH E6 Good Clinical Practice
GAMP5
IEC 62304
ISO 13485
ISO 14971
ISO 27001
ISO 9001
SOC 2
EU 2016/679 GDPR

Labeling (FDA): The data provided by Ozette is for research/investigational use only, not for use in diagnostic procedures; the performance characteristics of this product have not been established for diagnostic procedures.

Information Security

Ozette's IT infrastructure employs robust industry best practices to ensure the confidentiality, integrity, and availability of customer data. We prioritize information security compliance by implementing encryption protocols, access controls, training, and regular security updates to mitigate potential risks and vulnerabilities.

  • Dedicated information security staff
  • Formal, documented security policies reviewed on a scheduled cadence
  • Company-wide training on security, cybersecurity, and HIPAA/GDPR
  • Strict controls keep customer data separate; access restricted to authorized personnel
  • Data encrypted at rest and in transit
  • Network and wireless connections monitored and controlled
  • Penetration tests and network scans performed regularly
  • Infrastructure hosted by Amazon Web Services with best-in-class security

Compliance & Continuous Monitoring

Continuous monitoring enables our organization to meet regulatory requirements and maintain the highest standards of data protection. Additional details on continuous monitoring of Ozette's security infrastructure are available via our Drata Trust Center. Ozette complies with all legal requirements for handling personally identifiable data, including US HIPAA and EU/UK GDPR.

Data Protection Officer (DPO): Contact dpo@ozette.com for all EU/UK Right to Erasure, Right to Restrict Processing, Right to Data Portability, and Right to Object requests.

EU GDPR Representative

Osano International Compliance Services Limited
ATTN: JYTM
3 Dublin Landings, North Wall Quay
Dublin 1, D01C4E0

UK GDPR Representative

Osano UK Compliance LTD
ATTN: JYTM
42-46 Fountain Street
Belfast, Antrim, BT1-5EF