Data Security and Privacy
Regulatory compliance
All marketed products hold required approvals from the Central Drugs Standard Control Organisation (CDSCO) and other global authorities, with additional registrations underway for upcoming launches. We maintain all licenses and certifications necessary for lawful development, distribution, and clinical use. Our processes align with ISO 9001:2015 and ISO 13485:2016 principles, ensuring compliance, patient safety, and product quality across design, development, and post-market operations.
Medical device software compliance
Aarca Research is practicing ISO 9001:2015 and ISO 13485:2016 principles, implementing industry-standard medical device quality management systems that cover design and development, supplier management, risk management, complaint handling, clinical data, cybersecurity, distribution, product labeling, and post-market surveillance.
Security and HIPAA
Data security is a core priority at Aarca Research. We are certified to ISO/IEC 27001:2013 and maintain HIPAA-compliant policies, procedures, and technical safeguards to protect patient and customer data.
Secure Facilities (SOC 2)
We are Service Organization Control 2 (SOC 2) compliant, ensuring that health system and patient data are managed under the highest standards of operational and information security.
Encryption and Backups
All patient data is encrypted with HIPAA-compliant, NIST-recommended 256-bit AES encryption using managed keys. Backups are performed regularly, with recovery testing to ensure data integrity and availability.
BAA Agreements
We execute Business Associate Agreements (BAAs) with subcontractors and hosting providers to ensure HIPAA compliance and full protection of sensitive data across the chain of custody.
Compliance and Security Contact
For questions, reporting, or concerns regarding compliance or data security, please
contact us at:
contact@aarcaresearch.com