ISIDOR® Technology Solutions FAQ

Frequently Asked Questions

®

http://www.biostorage.com/ISIDOR/

3


Introducing ISIDOR

Data Connections

Architecture & Hosting

Authorization and Authentication

Security

Project Design & Data Modelling

Compliance

4

8

10

14

16

20

23

What is ISIDOR?

ISIDOR (Integrated Sample Intelligence Data Online Repository) is a transformational and scalable informatics platform which integrates research and sample data to advance bioscience discoveries. ISIDOR services deliver business insights to advance research decision-making by enabling secure data connectivity, global data virtualization and intelligent data visualization which expands data interoperability. Our ISIDOR services are web-based to support fast and easy access to sample data managed by BioStorage Technologies and to enable the integration of client research data stored within other third-party databases. ISIDOR delivers a virtual view to this data within a secure, cloud-basedtechnology platform and provides custom visualization and reporting of this data which enables improved optimization and valorization of vital research sample assets.

33

®


What is the value of ISIDOR? ISIDOR offers a more comprehensive platform of sample data

management solutions including our BioInventory, BioConnect and BioInsight services. ISIDOR expands your ability to connect sample data with related research data from other source database systems

(ex. LIMS, CTMS, CRO or biobank databases, etc.) into a single web-based view regardless of where the samples or data reside.

“ISIDOR expands your ability to connect sample

data with research data from many other source

databases...”

IntroducingISIDOR

4

IntroducingISIDOR

5

Why do I need ISIDOR if I already have ISISS?

ISIDOR brings an expanded technology capability for manag-ing samples physically stored at BioStorage Technologies. Through our BioInventory services, BioStorage Technolo-gies has enhanced our prior ISISS sample inventory database by adding a more visual and personal dashboard approach to managing samples at a project level. In addition, our BioInven-tory services enable the integra-tion of sample tracking within our bioprocessing laboratories through BST LIMS.

Who manages the third-par-ty sample data service pro-vider to ensure they are providing the data needed for integration within ISIDOR?

Our clients own the data stored in third-party vendor databases and are responsible for securing the approval from these service providers in order to allow BioStorage Technologies to access the data stored within their systems. Once we receive the approval from a client, we

work directly with their data pro-viders to ensure a fast and seam-less transition of all sample data into ISIDOR.

Can I use ISIDOR if I do not have sample data stored at BioStorage Technologies?

The ISIDOR BioInventory service is complimentary to any client who stores some or all of their research samples with BioStorage Technolo-gies. The BioConnect and BioIn-sight services are available as upgrade services upon consultation with BioStorage. The data within ISIDOR BioConnect and BioInsight services can be comprised of data on samples stored in our facilities, as well as other data related to these samples that may be stored by a client in internal databases or other external laboratory, CRO, hospital, academic, foundation and other source database systems. If a research organization is interest-ed in our BioConnect and BioInven-tory services but does not desire to store samples with BioStorage, through a consultative process we will work to determine if a technol-ogy collaboration would be mutual-ly beneficial.

What types of data reporting can ISIDOR provide?

ISIDOR can provide visual charting and reporting of any data that is accessible within the system. Common examples include: sample inventory composition, tracking of samples in inventory by location, sample data entry validation flaws, logistical sample consolidation opportunities, sample consent tracking for re-use, sample collection reporting by site, site collection performance, status of sample consent, compliance and permissions, sample destruction status and requests, when to replenish sample stock, as well as supplies and materials in inventory.

How is informed consent information populated into ISIDOR and who man-ages this consent data?

ISIDOR provides the flexibility to integrate informed consent data with other sample data sources and to link this data through defined rules provided by our clients to their specimen data. ISIDOR supports the integration all types of informed consent data including Single-Use, Broad, Tiered or Dynamic consent.

ICF rules designed at the study or protocol level are linked to research subjects and their respective biospecimens stored in ISIDOR. In addition, the integration of informed consent enables our clients to flag a sample for "reconsent" or "willing to contact". Each ICF consent flag becomes a searchable filter within your ISIDOR dash-board view. BioStorage Technologies clients are responsible for managing the collec-tion and adminstration of informed consent within their respective clinical trials.

What is the process for setting up ISIDOR and who needs to be involved in the process?

BioStorage Technologies uses a four step innovative technology design process when establishing a custom ISIDOR Solution for a client. The ISIDOR process steps include: discov-ery, design, development and delivery.

How long does it take to set-up ISIDOR?

The time allocated to deliver an ISIDOR Solution is dependant upon the needs of each client and the level of project plan customization required. Following a consultation, our technology experts will provide you with an estimated timeline for development.

IntroducingISIDOR

6

















7

















IntroducingISIDOR

8

DataConnections

Which types of third-party systems can ISIDOR connect to?

ISIDOR technology solutions are designed to connect sample inventory data systems with many other systems which store data located within enterprise systems, laboratory and clinical trial management systems, customer relationship databases and various other custom databases. Our technology experts provide third-party data integration consulting and develop custom solutions to support business decisions.

What types of data sources does ISIDOR work with?

ISIDOR utilizes a Denodo middleware software platform to combine data from various models including: text file formats (ex. .CSV, .TXT, .XLSx), relational databases (ex. SQL, MySQL, NoSQL, Oracle, SAP, DB2, Informix) ETL tools (ex. Informatica) data warehouse products (ex. Amazon Redshift), open source distributed data management systems (ex. Apache Cassandra, Hadoop), CRM databases (ex. Salesforce.com) and various other web services. ISIDOR can connect via any standard ODBC or OLAP methods including existing BI platforms (SAP, Cognos, SAS, Tableau, etc.).

9

DataConnections

What is data virtualization?

Data virtualization (DV) combines disparate data sources into a single 'virtual' data layer that provides integrated data services to consuming applications in real-time.

How do the various data sources get mapped and connected within ISIDOR?

BioStorage Technologies collaborates with you to build a roadmap of data elements connected to the samples in your biobank that may be stored within many other disparate databases. Through a process of data virtualization we provide an integrated virtual view of all your source data related to each specific biological sample. We do not need to move or copy source data but instead we provide a virtual data view of this integrated data and we work with our clients to build a personal-ized configurable data dashboard to view this data within our ISIDOR BioInsight service.

10

Architecture&Hosting

What is the ISIDOR system architecture?

ISIDOR utilizes a high-performing, global web architecture which allows for flexible virtualiza-tion of data from many systems into a singular view. Customized visualizations and reporting of this data is developed to meet specific client needs and made available via a secure cloud-based, web portal.

11


Where does my original source data reside when using ISIDOR?

Source data remains in your data-base systems. ISIDOR connects to your system via secure methods to query your data and employs a process of data virtualization to capture a virual view of your source data. ISIDOR can be con-figured to cache or not cache data depending on your data policy and performance requirements.

What is "cache" data?

Cache data is a temporary copy of commonly queried data stored in memory in a user’s browser or on a server for the purpose of speed-ing up the rendering of data and reducing strain on source systems. Caches can remain in memory for a very short time, a long time, or not at all. The decision to cache data can be made on a system by system basis to accomodate per-formance or data policy concerns.

Where will my ISIDOR data be hosted and stored?

BioStorage utilizes Amazon Web Services (AWS) to host the ISIDOR web infrastructure "in the cloud".

This includes the ISIDOR applica-tion code, web server and data modeling layers and may include sample inventory data managed by BioStorage and temporary caches of your other source data if this is requested. AWS maintains nine global independant storage regions around the world in the US, South America, Europe, and Asia Pacific which ensure the highest level of data security and stability.

How can ISIDOR ensure that data at rest always resides within our company's secure network?

ISIDOR can utilize a cache data-base in your network in the same way it connects to your various source databases. ISIDOR manag-es the cache time rules but the data resides inside your network on your database infrastructure.

Can ISIDOR connect to repli-cated databases or only pro-duction databases?

ISIDOR is hosted by BioStorage Technologies and can connect data from either replicated or produc-tion databases or can support data from both environments.

Does ISIDOR require users to install any soft-ware or hardware?

ISIDOR provides IT infra-structure via a Virtual Private Cloud (VPC) so it does not require installation of any software or specific hard-ware. Users access and interact with ISIDOR via modern web browsers. (Internet Explorer, Chrome, Firefox, etc.)

Is ISIDOR an on-premise or off-premise solution?

ISIDOR is hosted by BioStor-age Technologies as an off-premise, soft-ware-as-a-service (SaaS) or cloud-based solution.

12

















13

.


14

ISIDOR utilizes a high-performing, global web architecture which allows for flexible virtualiza-tion of data from many systems into a singular view. Customized visualizations and reporting of this data is developed to meet specific client needs and made available via a secure cloud-based, web portal.

Authorization &AuthenticationHow many user licenses do we need? Do external users (our customers or researchers) need ISIDOR user accounts?

The number of user licenses is influ-enced by your own data protection policies and is flexible depending on your needs. In some cases, each user accessing any sensitive data (PII, PHI, etc.) might require uniquely identifiable user accounts. In other cases, such as providing an aggregated view of data without PII or PHI it is possible to allow general/public users to "share" a system account.

Who controls the access level to ISIDOR data?

BioStorage Technologies assigns specif-ic data access rights to specific users or groups of users based on client request and approval.

Can we restrict access to our data based on various roles?

Yes, ISIDOR accommodates different data access roles and permissions. Data can be restricted by user groups; at the project level, page level or attribute level.

How are changes to user permis-sions maintained in ISIDOR?

BioStorage Technologies offers flexible options to managing user permissions. We can maintain the user administrator role on your behalf in which change requests are initiated through your BioStorage project manager. Alterna-tively, we can enable direct integration to your existing using management system or we can assign an ISIDOR User Administrator license to a member of your staff to manage from the ISIDOR web interface.

Does ISIDOR support integration with my internal authentication system for single sign-on?

Yes, SSO can be deployed with ISIDOR, depending on the client's internal system environment and capa-bilities.

15












Authorization &AuthenticationHow many user licenses do we need? Do external users (our customers or researchers) need ISIDOR user accounts?

The number of user licenses is influ-enced by your own data protection policies and is flexible depending on your needs. In some cases, each user accessing any sensitive data (PII, PHI, etc.) might require uniquely identifiable user accounts. In other cases, such as providing an aggregated view of data without PII or PHI it is possible to allow general/public users to "share" a system account.

Who controls the access level to ISIDOR data?

BioStorage Technologies assigns specif-ic data access rights to specific users or groups of users based on client request and approval.

Can we restrict access to our data based on various roles?

Yes, ISIDOR accommodates different data access roles and permissions. Data can be restricted by user groups; at the project level, page level or attribute level.

How are changes to user permis-sions maintained in ISIDOR?

BioStorage Technologies offers flexible options to managing user permissions. We can maintain the user administrator role on your behalf in which change requests are initiated through your BioStorage project manager. Alterna-tively, we can enable direct integration to your existing using management system or we can assign an ISIDOR User Administrator license to a member of your staff to manage from the ISIDOR web interface.

Does ISIDOR support integration with my internal authentication system for single sign-on?

Yes, SSO can be deployed with ISIDOR, depending on the client's internal system environment and capa-bilities.





16












Data Security

How secure is my ISIDOR data stored in the cloud?

ISIDOR data stored in the cloud is protected by firewalls which segment your data from other stored data to isolate and control access to your data. The access is protected by secure encryption methods and various levels of user

permissions. Data in-transit is encrypted using HTTPS/SSL with a 2048-bit SHA2 SSL certificate.





17

Data Security

Why was Amazon Web Ser-vices selected as your cloud service provider?

BioStorage Technologies reviewed AWS SOC (SSAE16) reports on AWS controls and qualifed AWS as a supplier. In a 2015 Public Cloud Infrastructure as a Service Magic Quadrant report, AWS was recognized as a leader and the "safe choice" provider of global cloud services.

What security qualifications or certifications does AWS maintain?

Amazon Web Services (AWS) has achieved SSAE 16 certifica-tion and has published a Service Organization Control 1 (SOC 1®) report. AWS maintains assurance programs and certifi-cations with ISO 9001, ISO 27001, FISMA, FedRAMP, HIPAA, and EU Safe Harbor Data Protec-tion.

What is SSAE 16 certifica-tion?

The SSAE 16 is a regulation created by the Auditing Stan-dards Board (ASB) of the Ameri-can Institute of Certified Public

Accountants (AICPA) for redefin-ing and updating how service companies report on compliance controls. SSAE 16 examines both internal controls and processes at a service organization that impact a user entity’s controls over financial reporting, as well as it requires the verification of design and operating effective-ness. There are two types of SSAE 16 audits:1. Type 1 - Auditors test the accuracy of the service provid-er's description and assertion.2. Type 2 - Auditors test the accuracy of the service provid-er's description and assertion, as well as the implementation and effectiveness of controls over a specific period of time. What is the difference between SSAE 16 and SAS 70 reports?

SAS 70 reports (Statement on Auditing Standards No. 70) were a widely recognized auditing standard that provided guidance on auditing a service organiza-tion's internal controls and reporting its customers' financial reporting processes. Unlike the SSAE 16, it was not designed to

examine compliance and opera-tional issues, such as security, availability, processing integrity, confidentiality or privacy. In April 2010, the AICPA (American Institute of Certified Public Accountants) announced the retirement of SAS 70 to be replaced by SSAE (Statement on Standards for Attestation Engagements) 16.

What is the AWS Service Organization Control 1 (SOC 1®) report and can you provide me a copy?

Service organization control reports enable CPAs to provide assurance on internal controls over subject matter other than financial reporting while filling the marketplace’s need to demonstrate reliability and mitigation of risk. They are called SOC 1, SOC 2 and SOC 3 reports. The SOC 1 report essentially fills the role of a SAS 70 report as it was originally intended. BioStorage Technolo-gies is not legally permitted to provide copies of the AWS SOC 1 report, but we can provide you with a copy of our audit of the SOC 1® report.

How does BioStorage Tech-nologies ensure HIPAA com-pliance with ISIDOR?

All employees at BioStorage Technologies are trained on HIPAA best practices (Guideline G200-0220). The AWS infra-structure has HIPAA compliance built in.

Do I need to set-up a VPN to access ISIDOR data?

It is not necessary for a VPN to be established to access ISIDOR data.

How is ISIDOR data secured, isolated and pro-tected from other individu-als storing or accessing data on AWS?

ISIDOR user data and virtual data views are isolated from other AWS customers using security firewalls and each user’s data is protected within the cloud by employing a dedicated Virtual Private Cloud (VPC) environment for each user.

Does BioStorage Technolo-gies have a Security Inci-dent Response Plan?

Yes, BioStorage Technologies maintains a security incident response plan. Our Quality Assurance department can provide upon request more details on this process as requested.

How does BioStorage Tech-nologies support security of the application layer, test application platforms and monitor for intrusion?

BioStorage Technologies per-forms scheduled comprehensive security intrusion detection tests.

18

Data Security






















19

Data Security






















20

Project Design&Data Modelling

ISIDOR can accommodate the storage or virtual views of data from single or multi-ple projects. Projects provide a point of entry for a set of data objects (reports,

dashboards, etc.). Data objects are organized in one or more "folders" within a project. Users may have access to only those data objects, folders, and projects

they have been granted permissions. Different levels of permissions may be assigned as appropriate to users based

on client defined criteria.

21


How can you tell the age of data within the system?

BioStorage Technologies can provide an aging report of data within ISIDOR.

Can data be partitioned and presented by geographic, business unit, or departmen-tal boundaries?

Yes. ISIDOR data can be designed to be viewable within dashboards across the entire organization, by business unit or department but filtered by or reported by logical boundaries such as geography.

How is data presented in ISIDOR?

ISIDOR presents data views in a flexible textual report or visual dashboard formats. Reports are often presented in grid (col-umns/rows), cross tab, or pivot layouts. Dashboards are gener-ally more visual displays contain-ing charts, graphs, maps, gages and indicators. Both reports and dashboards are automatically updated by the user on-demand and may be scheduled for deliv-ery to email recipients to sup-

port proactive alerts, exceptions, or pick lists, etc. The reporting formats are interactive and engaging, allowing users to search, filter, drill, sort, hover and click and are linked to enable rapid transition from high level explo-ration to low level detail. ISIDOR reporting data can be exported to PDF, Excel, or CSV.

Who builds and maintains our reports and dashboards?

BioStorage Technologies provides flexible solutions for the management of dashboard development and reporting. We can offer ISIDOR users a base set of custom reports and dashboards configured to meet their requirements. Users may be given access and the ability to create per-sonal views (add, remove, or rearange columns or graph types, or building ad hoc reports). In addition, the management of ad hoc report building can be transitioned to an internal enterprise level team or individual while you still maintain the option to outsource report building to us for small or large ad hoc reporting proj-ects as needed.

Who manages the ISIDOR data-base after implementation (sys-tem, interactions, clean-up)?

BioStorage Technologies manages ISIDOR including the database system and all management of security and maintenance.

What level of BioStorage project management experience is pro-vided to manage technology projects?

BioStorage Technologies provides project managers with the highest level of technical expertise and train-ing to support the development and ongoing management of your ISIDOR Solution.

How do we ensure ISIDOR con-tinues to work for us if our data model or source systems change significantly or frequently?

ISIDOR can easily accommodate changes and/or additions to your data model. While you can initiate project work on an as-needed basis, you may choose to work with your project manager to plan and budget for anticipated maintenance changes within your service contract.

How does ISIDOR make sense of similar data from multiple sys-tems when the data is named and structured differently?

ISIDOR maps your data during the initial setup of each source system. Each independent data source schema is known to ISIDOR (i.e., tables, columns, values, data types are available) and maintained as metadata. A collection of data source schemas composes the data ware-house for your project. We then configure a data architecture to build connections between various tables, columns and attributes to support your data integration needs.

How do we define who should receive proactive notifications of sample communications - ex. destructions, access requests, etc.)

ISIDOR allows for customized alerts and notifications to meet specific client needs. BioStorage Technolo-gies can recommend best practices in alerts and notification communica-tions.

22





















23

Compliance

Is ISIDOR 21 CFR Part 11 compliant and validated?

Internal data managed by BioStorage Technolo-gies systems in BioInventory (i.e., ISISS) and BST LIMS will be validated to meet US FDA 21 CFR Part 11 compliance standards. Clients are responsible for QA processes and validation of any external systems which generate data that is not residing within our BioInventory (ie.ISISS) database and that is integrated and provided as data files within either our BioConnect service or visualized in dashboards within our BioInsight service. The AWS infrastructure that stores all client data is qualified by BioStorage Technolo-gies.

Will BioStorage Train all ISIDOR users and maintain documentation of training?

BioStorage Technologies will provide clients with training on how to access and use ISIDOR; however, training documentation will need to be managed by each client.




















Frequently Asked Questions

®

ISIDOR® Technology Solutions FAQ

Documents