Leova accelerates your pre-production setup, but we never rush security. We understand that vetting a new partner is a critical step in your workflow. We have centralized our certifications, security audits, and quality standards here to streamline your vendor assessment process.
Your protocols are your intellectual property. Through our strict enterprise agreements, your data is never used to train our AI models and is never accessible to other organizations. What you upload stays isolated and secure.
We provide full visibility, not "magic." You review and validate every edit check, form logic, and visit schedule. The system acts as a drafting assistant, but nothing moves to your EDC without your explicit approval.
Leova operates under BioInformatiCo's ISO 27001 Certified Information Security Management System (ISMS).
Secure by design. We enforce global Multi-Factor Authentication (MFA) and granular Role-Based Access Control (RBAC) to ensure only authorized personnel access study configurations. Sessions automatically time out after 15 minutes of inactivity.
Protected at all times. Data is secured using industry-standard AES-256 encryption (At Rest) and TLS 1.2+ (In Transit). Encryption keys are managed securely via Azure Key Vault to ensure logical tenant separation.
Resilient infrastructure. We maintain immutable audit trails for all critical data events. Our infrastructure undergoes monthly vulnerability scanning and uses continuous threat monitoring to detect and block malicious activity.
Strict vendor limits. Our AI integration adheres to a strict Zero-Retention Policy—no data is stored by the model. All vendors undergo annual security assessments and continuous compliance monitoring.
Transparency on Leova’s regulatory positioning, compliance approach, and appropriate use.
Leova is a pre-production configuration tool that generates EDC specifications from clinical trial protocols. Using curated clinical reference libraries and AI assistance, Leova creates eCRFs, form logic, and edit checks that you review and deploy to your production EDC system. Think of it like Microsoft Word for protocol writing—you use Word to draft the protocol, but regulators inspect the final document, not your Word installation. Leova generates the configuration draft. You review, approve, and deploy it to your validated production EDC.
No, and this is appropriate for its intended use. Leova is a pre-production configuration tool—validation requirements apply to your production EDC system where subject data is collected, not to drafting tools used during setup. BioInformatiCo maintains ISO 27001 certification and follows Computer Software Assurance (CSA) principles. You validate Leova's outputs through User Acceptance Testing before deployment.
Leova is a pre-production configuration tool used before trials begin. Unlike your production EDC system, Leova is not where clinical data is captured or managed. The key regulations like 21 CFR Part 11, ICH GCP, and EU Annex 11 apply primarily to your EDC during trial conduct. Leova is designed to create configurations that comply with these standards when deployed correctly.
ICH GCP and EU Annex 11 focus on systems used during clinical trial conduct. Leova is used before trials start. However, BioInformatiCo operates in alignment with these principles. Our software is designed to produce specifications that reflect industry best practices. Using a tool like Leova with appropriate review of outputs is entirely suitable under these risk-based frameworks.
Yes, absolutely. Since Leova processes personal data (names in protocols), we comply with GDPR through ISO 27001 certification, EU data residency, encryption, and a comprehensive Data Processing Addendum (DPA).
Your responsibility: Ensure you have lawful basis to process personal data in protocols. Do not upload subject Protected Health Information (PHI) — Leova is not designed for subject data.
We apply a risk-based testing strategy focused on trial reliability. This includes verifying that clinical templates are medically accurate, testing that the system builds exactly what your protocol specifies, and running full end-to-end simulations from protocol upload through configuration export. We maintain a validation package available upon request for vendor qualification.
Leova generates configurations based on your protocol and our clinical reference library, but human review remains critical. We recommend conducting User Acceptance Testing to verify that eCRFs match your protocol requirements before deploying to your production EDC system. Protocols can be ambiguous, and your team knows the full context of your trial design better than any AI model.
Leova is designed with ALCOA+ principles in mind: user authentication (Attributable), clear outputs (Legible), timestamps (Contemporaneous), original retention (Original), and reference library validation (Accurate). We maintain security activity logs and audit trails. However, Leova is a pre-production configuration tool—21 CFR Part 11 compliance requirements like formal audit trails and electronic signatures apply to your production EDC system.