Does your Clinical Technology Provider Have ISO 27001 Certification?

Continuous access to services, security of information, and adherence to regulatory requirements and data protection regulations are business priorities for the life sciences sector.

Certification to ISO/IEC 27001:2013 provides a structured route towards meeting these obligations.

ISO 27001 certification is not mandatory, but it is the best-known standard in the ISO/IEC 27000 family, and it specifies the requirements for an Information Security Management System (ISMS).

ISO 27001 allows a company to establish, implement, maintain and continually improve its ISMS within the context of the organization, supporting key processes such as business continuity and disaster recovery. The standard takes a systematic, risk-based approach to managing company data and information, such as clinical and safety data, so that it remains secure.

In the clinical and pharmacovigilance environment, information security is fundamental when collecting, managing and analyzing data that contains personal patient information and data points critical to a patient's health. Three aspects of the clinical environment in particular make ISO 27001 certification especially important:

  • Data transparency: recent EU legislation will oblige Sponsors to publish clinical data in an accessible database. Data collected and managed, including data collected electronically through clinical trial technology such as EDC systems, CTMS, IWRS and ePRO, must therefore be secure and traceable.
  • Pharmacovigilance regulations: these require more safety data collection and post-market follow-up studies under strict regulatory guidelines, and the implementation of safety systems to support them.
  • Clinical data visualization: data is increasingly accessed through web browsers, Wi-Fi connections and devices such as smartphones and tablets, so the connection and the transfer of data must be secured end to end. This is of particular interest to Sponsors implementing Risk-Based Monitoring strategies through real-time reporting and metrics.

For this reason, Arithmos applies the requirements of the ISO/IEC 27001:2013 standard to all of its hosted services and applications in the clinical environment, including:

  • Symphony EDC system
  • Third party EDC applications (e.g. Oracle Clinical/RDC)
  • Pharmacovigilance safety systems (e.g. Oracle Argus Safety 8)
  • Clinical data reporting and analysis tools
  • HelpDesk ticketing platform
  • SYNClevy Extended Project and Portfolio Management system

Implementing and certifying an ISMS establishes, and independently verifies, the controls that protect the confidentiality, integrity and availability of information.

What are the benefits and guarantees of ISO 27001 for Clinical Trial Sponsors?

  • Data and system integrity (protection from damage, whether malicious, such as hacking or spam, or unintentional, such as power failures)
  • Protection of privacy
  • Adequate and proportionate security controls
  • Risk Management
  • Data security for operational procedures and organizational processes, defined in documented operating procedures
  • Disaster recovery and business continuity plans

In 2014, Arithmos implemented its own Information Security Management System in compliance with ISO/IEC 27001:2013. To learn more about how this certification can benefit your clinical trial or life science application project, send us a request for information at