There are several tools in Nested Knowledge that utilize artificial intelligence and machine learning to make systematic reviews easier and more effective to conduct. This page provides technical details on what these features are, and how your data is used.
Nested Knowledge offer a web-based software-as-a-service (SaaS) application for use in secondary medical research. Artificial intelligence features are integrated into the application. Nested Knowledge is committed to monitoring and complying with AI legislation in applicable countries. Note that this contains only an analysis of compliance with laws specific to artificial intelligence tools in biomedical evidence...
Business Continuity Plan The Business Continuity plan aims to minimize interruptions to normal operations, limit the extent of disruptions and damage in disasters, and establish alternative means of operation in the event of emergencies. The Business Continuity describes the types of disruptions, the roles of key personnel in continuity planning and disruption response, the applications...
Objective To continuously monitor the effectiveness of controls implemented in support of Nested Knowledge policies. Procedure Revision History Author Date of Revision/Review Comments K. Cowie 10/14/2024 Reviewed K. Holub 02/24/2023 Drafted
Information Security will be managed by the following personnel: Personnel changes In the event of a change in role, a departure, or a new hire, oversight of the affected security policies will be transferred to the new information security personnel. Management of information technology systems will be transferred to the appropriate engineer. Barring no sudden...
This Incident Response Plan exists to ensure that we consistently handle information security events in an effective and efficient manner. Scope This policy offers guidance for employees, contractors, and consultants of Nested Knowledge who believe they have discovered or are responding to a security incident. Affected Systems This policy applies to all computer and communication...
Any employee or contractor who discovers any event of a questionable, fraudulent, or illegal nature should: These reports should be made without fear of retaliation. The incident response team will evaluate the incident and determine whether to notify the client. Situations that require escalation to the client include: Timeline When an incident has occurred, Nested...
The purpose of this policy is to categorize, describe, and determine the level of protection required for various types of Nested Knowledge data. Scope Nested Knowledge Data: company data is information generated by or for, owned by, or otherwise in Nested Knowledge’s possession. Company data includes, but is not limited to, research data, business data,...
The document retention policy exists to reduce risks, eliminate waste, and abide by relevant laws by specifying procedures pertaining to the retention, storage and deletion of physical and digital records. Scope and Definitions: This policy affects all Nested Knowledge employees, contractors, consultants, and business partners. Digital records include contracts, operating agreements, tax returns, emails, chats,...
To mitigate risks and vulnerabilities individual personnel are responsible for ensuring that the computers and devices used to access Nested Knowledge services and systems are protected by basic security measures. Scope: This policy affects all employees, contractors, and consultants of Nested Knowledge. Definitions: End-User Device Policy We require end-user devices to be protected by the...
Purpose: The Mobile Device Policy exists to ensure that Nested Knowledge protects from threats related to mobile devices. Scope: This document offers guidance for employees and contractors working with Nested Knowledge. Mobile Device Policy – Internal Systems Nested Knowledge does not provide employees or contractors with mobile cellular devices. Personnel are trained to avoid accessing...
Purpose This policy outlines our planning related to the implementation of advanced authentication of users who connect to Nested Knowledge information systems. We are committed to protecting the security, privacy, and integrity of Nested Knowledge information systems. Scope This policy affects all employees, contractors, consultants, and business partners of Nested Knowledge. Internal Company MFA Policy Nested...
Purpose: The purpose of this policy is to ensure that only authorized users gain access to Nested Knowledge’s information systems. Scope: This policy affects all employees of this Nested Knowledge and its subsidiaries, and all contractors, consultants, temporary employees and business partners. Employees who deliberately violate this policy will be subject to disciplinary action up...
Nested Knowledge will undergo penetration testing of its web application on an annual basis, unless this schedule is required to be revised by Nested Knowledge. An external security firm will test the web application to identify vulnerabilities. During the testing period, no software releases will be pushed, except releases with important bug fixes. Any vulnerabilities detected will...
Nested Knowledge is located in the United States and provides software services to users in the European Union. Scope: GDPR applies to the processing or controlling (by companies in ANY location) of personal data belonging to data subjects in the EU. Key Terminology: GDPR Compliance Policy Nested Knowledge is committed to processing data in a lawful,...
Nested Knowledge adheres to legal requirements for data protection and information security. Nested Knowledge is located in the United States. Nested Knowledge provides software to countries throughout the world, with the exception of countries sanctioned by the United States. GDPR Compliance Nested Knowledge adheres to the General Data Protection Regulation (GDPR). For details and technical controls,...
Purpose Nested Knowledge has a responsibility to educate our personnel on security practices and to comply with federal regulations related to security training and controls. This policy describes our plan to educate users on security practices. Scope: This policy affects all employees, contractors, and consultants of Nested Knowledge. Security Awareness Training Policy Upon hiring, Nested...
Nested Knowledge delivers a web-based software application and customer support services, including email notices of new releases. This policy ensures that third party services used by Nested Knowledge undergo appropriate risk and data protection assessment. Third-Party Service Policy A list of sub-processors and third-party service providers is maintained below. The list is updated at least...
Purpose As a fully remote company, delivering a cloud-based service, Nested Knowledge reduces CO2 emissions by eliminating commutes, utilities, office space, and paper use. Nested Knowledge has no corporate office. Nested Knowledge is committed to running a lean, resourceful business and reducing environmental waste. Sustainability Practices Commitment Nested Knowledge is committed to maintaining and improving...
Company Structure Nested Knowledge is a software company with a web-based software-as-a-service used for medical research. Nested Knowledge is a fully remote company with fewer than twenty employees and contractors located in several countries. All work is completed remotely except for sales activities at sales conferences. Scope: This policy applies to employees and contractors of...
Purpose The purpose of this policy is to ensure that exceptions to security policies are documented and approved through a formal exception process. Scope: This policy applies to all published Nested Knowledge information security policies. Employees and contractors must abide by this exception process. Policy An exception to an information security policy may be granted...
Nested Knowledge does not perform background checks on its employees or contractors. Should background checks become necessary for safe collaboration with clients and partners, Nested Knowledge will implement the following procedure: Background Check Supplier Nested Knowledge will initiate background checks through a third-party service provided by our payroll platform. The background check service is immediately...
Scope: This policy applies to employees, contractors, partners, and other affiliates of Nested Knowledge. Nested Knowledge is a fully remote company with headquarters in Saint Paul, Minnesota and employees located in several countries. Nested Knowledge develops software for use in medical research. Our software serves academic researchers, technological innovators, and biotech organizations throughout the world...
Services Nested Knowledge provides software for use in medical research to businesses and individuals globally. Nested Knowledge’s web-based SaaS platform is available off-the-shelf. Headquartered in Saint Paul, Minnesota, Nested Knowledge has a remote team in several countries, including the United States and the United Kingdom. Main Suppliers Typically, Nested Knowledge’s major suppliers fall into one...
Scope: This policy applies to Nested Knowledge employees, sub-contractors, and business partners. Customers’ Financial Interests Nested Knowledge delivers software services to companies engaged in biomedical research, which may include pharmaceutical companies, contract research organizations, academic institutions, and non-profit organizations. The research conducted by our customers may influence the following: Risk of Corruption Nested Knowledge staff...
Scope: This policy applies to Nested Knowledge employees, sub-contractors, and business partners. Anti-Bribery Policy Risk of receiving bribes: Health Care Professionals (HCPs) may benefit financially from research demonstrating favorable outcomes for drugs, devices, or other interventions, in which the HCP has financial stakes. Government officials may have stakes in the results of research studies. For...
This page contains the Nested Knowledge policy regarding whether a user qualifies for Academic Tier pricing, or whether an Organization qualifies for having all users qualify for Academic Tier pricing. Who Qualifies for Academic Tier? To qualify for Academic Tier, a user must be one of the following Qualifications: To qualify for organization-wide Academic Tier pricing, the...
The purpose of this policy is to describe the process for filing notices of copyright infringement in accordance with the Digital Millennium Copyright Act (DMCA). 17 U.S.C. § 512, et al. DMCA Safe Harbor Pursuant to the DMCA Safe Harbor, Nested Knowledge, a software service provider, will not be liable for copyright infringement of materials...
The purpose of this policy is to maintain an adequate level of security to protect Nested Knowledge data and information systems from unauthorized access. This policy defines the rules necessary to achieve this protection and to ensure a secure and reliable operation of Nested Knowledge information systems. Scope This policy affects all employees of this...
I. Purpose This policy ensures that development environments are secure and encourages the use of secure coding and development practices. Security needs to be considered at all stages of the development lifecycle from specification and design through to implementation. II. Scope These standards apply to all persons involved in the acquisition, development and maintenance of...
Standards Compliance Our development team designs and maintains architecture, access rules, logging, and monitoring/alerting in our production cloud environment that aim to achieve compliance with the CIS AWS Benchmark. An internal review is performed annually for all scored, Level 1 controls, with the reviewers, date, and benchmark score recorded. Remediations for noncompliances are maintained, prioritized, and...
I. Purpose The networks used by remote workers (primarily from home or shared offices) are beyond our control, and it is essential that we mitigate threat models presented by this mode of access. II. Scope This policy applies to all employees and contractors who work with Nested Knowledge and access internal or confidential Nested Knowledge...
Introduction With rapid developments in the field of artificial intelligence (AI), many have questions about how AI will affect copyright law or use restrictions, and users may have concerns about how they can use scientific abstracts and full-text articles in Nested Knowledge’s systematic review software. While Nested Knowledge cannot provide legal advice regarding copyright status...
I. Purpose The policy describe how Nested Knowledge uses photo and how Nested Knowledge ensures compliance with GDPR’s Data Protection requirements. II. Scope This policy affects all employees, contractors, and consultants of Nested Knowledge. II. Policy Legitimate interest Nested Knowledge shares photos of employees and contractors, a form of personal information, on our website. We...
