Credentials & Certifications
Building Trust to the Highest Standards
CNWAYLab holds itself to the highest international standards, having passed multiple domestic and international authoritative certifications and compliance audits, providing every client with a secure, compliant, and trustworthy laboratory digitalization foundation.
Six Core Certifications
Covering six dimensions — information security, quality management, laboratory competence, international regulations, national security, and domestic platform adoption — to build a comprehensive compliance system.
ISO/IEC 27001:2022
Information Security Management System certification covering the full lifecycle of R&D, operations, and client data. From access control to encrypted transmission, from vulnerability management to incident response — every link is rigorously audited to international standards.
ISO 9001:2015
Quality Management System certification with full-process quality control from product design to customer service. Based on the process approach, combined with the PDCA cycle and risk-based thinking, ensuring every delivery meets client expectations.
CNAS-CL01 / ISO/IEC 17025
Testing and calibration laboratory competence accreditation criteria, with built-in compliance templates. Supports method validation, measurement uncertainty assessment, intermediate checks, proficiency testing, and all technical elements to help laboratories pass CNAS accreditation reviews.
FDA 21 CFR Part 11
Electronic records and electronic signatures compliance with full-field audit trail. The system enables complete audit trails by default, supporting electronic signature uniqueness verification, signature manifest immutability, and long-term archiving to meet FDA and NMPA inspection requirements.
MLPS Level 3 (GB/T 22239)
Classified Protection of Cybersecurity Level 3 — the highest level of data security protection. Covers physical security, network security, host security, application security, and data security, with public security bureau filing and periodic evaluation.
Full Xinchuang Stack Certification
Kylin / UnionTech / Kunpeng / Hygon / Dameng / Kingbase — full-stack domestic platform compatibility certification. From OS to database, from chip to middleware, CNWAYLab LIMS has completed full technology stack Xinchuang compatibility certification.
Full-Dimension Compliance Matrix
Beyond core certifications, CNWAYLab continues to invest in cloud security, privacy protection, environmental management, and occupational health — building a compliance defense system with no blind spots.
CSA STAR Cloud Security Certification
Cloud Security Alliance STAR certification, independently assessing CNWAYLab cloud services across 16 security domains based on the Cloud Controls Matrix, ensuring the security, transparency, and continuous compliance of the SaaS delivery model.
SOC 2 Type II
Service Organization Control Report Type II, with independent third-party auditors continuously testing the effectiveness of controls across the five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
GMP / GSP Compliance
System architecture and functionality fully comply with Good Manufacturing Practice (GMP) and Good Supply Practice (GSP) requirements, with built-in audit trail, electronic signatures, access tiering, data backup, and disaster recovery.
Software Enterprise Certification
Certified as a national Software Enterprise, CNWAYLab possesses a mature software R&D management system and sustained innovation capability. All products are registered with software copyright certificates protected under the Computer Software Protection Regulations.
National High-Tech Enterprise
A National High-Tech Enterprise jointly recognized by the Ministry of Science and Technology, Ministry of Finance, and State Taxation Administration. Holds multiple invention patents and core technology IP rights, with R&D investment exceeding 15% of revenue, continuously leading laboratory digitalization technology innovation.
ISO 14001 Environmental Management
Environmental management system certification. CNWAYLab practices green IT principles across the full product lifecycle — from data center energy efficiency optimization to paperless lab solutions, helping clients achieve carbon neutrality goals.
ISO 45001 Occupational Health
Occupational health and safety management system certification covering employee physical and mental well-being, workplace safety, and travel risk management. CNWAYLab has always placed "people first" as the core foundation of sustainable corporate development.
Privacy Information Management ISO 27701
An extension of ISO 27001 for Privacy Information Management System (PIMS), providing full-process privacy protection from data collection, processing, and storage to deletion, ensuring compliance with the Personal Information Protection Law and GDPR requirements.
Five-Layer Compliance Architecture
From international standards to organizational governance, this five-layer progressive compliance architecture ensures every layer of CNWAYLab products and services withstands the most rigorous scrutiny.
International Certification Layer
ISO 27001 / ISO 9001 / SOC 2 Type II / CSA STAR — anchored by internationally recognized standards, with annual independent third-party audits ensuring the continuous validity of certifications and the actual operational quality of management systems.
Industry Regulation Layer
FDA 21 CFR Part 11 / EU GMP Annex 11 / NMPA / ICH Q10 — for regulated industries such as pharmaceuticals, medical devices, and biologics, the system includes a built-in regulatory compliance engine that automatically enforces data integrity requirements.
Domestic Compliance Layer
MLPS Level 3 / CNAS-CL01 / CMA / Full Xinchuang Stack — fully meeting Chinese domestic regulatory requirements, supporting data interfacing with provincial and municipal regulatory platforms, helping clients pass various qualification reviews and administrative inspections in one attempt.
Data Protection Layer
ISO 27701 / Data Security Law / Personal Information Protection Law / GDPR — from data classification and tiering to cross-border transfer assessments, from encrypted data storage to personal information subject rights response, establishing a complete data protection governance system.
Organizational Governance Layer
ISO 14001 / ISO 45001 / ESG Reporting / Internal Audit Committee — compliance is not the exclusive responsibility of the technology department. CNWAYLab permeates a compliance culture through every aspect of corporate governance, employee codes of conduct, and supply chain management.
Learn More About CNWAYLab Compliance Practices
Download our security whitepaper for the complete certification list and compliance technical details.
Our compliance expert team is ready to support your audits and due diligence.