Does your Clinical Technology Provider Have ISO 27001 Certification?

Nov 22, 2020 | RESOURCES

Continuous access to services, the security of information, adherence to regulatory requirements, and data protection regulations are business priorities for the Life Sciences sector. Certification of an ISMS against ISO/IEC 27001:2013 provides a route to compliance.

ISO 27001 is not an obligatory international certification, but it is the best-known standard in the ISO family providing requirements for an Information Security Management System (ISMS).

ISO 27001 allows companies to establish, implement, maintain, and continually improve the ISMS within the context of the organisation, supporting key processes like business continuity and disaster recovery. The ISO 27001 standard takes a systematic approach to managing company data and information, such as clinical and safety data, so that it remains protected.

In the clinical and pharmacovigilance environment, information security is fundamental when collecting, managing, and analysing data that contains personal patient information and data points crucial for a patient’s health. There are three aspects of the clinical environment that make ISO 27001 certification of an ISMS particularly important:

  • Data transparency: recent EU legislation will oblige Sponsors to publish clinical data in an accessible database, so the data collected and managed, including data collected electronically through clinical trial technology such as EDC systems, CTMS, IWRS, and ePRO, need to be secure and traceable.
  • Pharmacovigilance regulations require more safety data collection and post-market follow-up studies, with strict regulatory guidelines and the implementation of safety systems.
  • Clinical data visualisation: the use of web browsers, Wi-Fi connections, and devices (such as smartphones and tablets) to access data creates the need to guarantee secure connection and transfer of that data. This could be of particular interest for Sponsors looking to implement Risk-Based Monitoring strategies through real-time reporting and metrics.

For this reason, Arithmos applies the requirements of the ISO/IEC 27001:2013 standard to all of its hosted services and applications in the clinical environment, including:

  • Symphony EDC system
  • Third-party EDC applications (e.g. Oracle Clinical/RDC)
  • Pharmacovigilance safety systems (e.g. Oracle Argus Safety 8)
  • Clinical data reporting and analysis tools
  • Help Desk service

Implementing and certifying an ISMS guarantees the confidentiality, integrity, and availability of information.

What are the benefits and guarantees of ISO 27001 for Clinical Trial sponsors?

  • Data and System Integrity (protection from malicious or unintentional damage such as spam, hackers, or power failures)
  • Protection of privacy
  • Adequate and proportionate security controls
  • Risk Management
  • Data security for operational procedures and organisational processes which are defined in documented operating procedures
  • Disaster recovery and business continuity plans

In 2014, Arithmos implemented and certified its own Information Security Management System in compliance with ISO/IEC 27001:2013.

To learn more about how this certification can benefit your clinical trial or Life Science application project, contact us at info@arithmostech.com and we will get back to you as soon as possible.