Information Security: Why ISO 27001 Matters to your Lab

Titian

The life sciences industry hosts and handles highly sensitive information, including data on patients, patented drugs, clinical trials, research projects, and advances in technology; as an industry, it is our responsibility to protect this data. [1]

The International Standards Organisation (ISO) standard for information security, ISO 27001, ensures that companies implement best practices and reduce cyber security risks. This standard is built on three principles: confidentiality, integrity, and availability of data for those who need it. Using these principles to form an Information Security Management System (ISMS) helps to minimize the chances of an information security breach and to limit its impact if one does happen [2].

ISO 27001 has some overlap with the EU’s General Data Protection Regulation (GDPR), which is designed to give EU citizens more control over their data and how it is used and protected by the companies that hold it.

Because of the industry's responsibility to protect data, pharma and biotech companies routinely question prospective vendors and partners on data protection and security to ensure weaknesses are not introduced into their chain of custody. Businesses with ISO 27001 accreditation are at an advantage because: 

  • Companies have implemented processes to avoid potentially costly security breaches 
  • Claims of good security practice are backed by an accredited auditor 
  • It reduces the need for frequent customer audits 
  • Information risk responsibilities are clearly set out 

For Titian Software customers, the benefit of ISO 27001 accreditation lies in being sure that any data held by Titian or in Mosaic Sample Management Software will be treated securely, both now and in the future. 

At Titian, we have processes in place to keep your data safe including: 

  • Running tests that look for security vulnerabilities to reduce the risk that hackers can access your data
  • Checking that new development doesn’t add security holes to the product or our internal systems 
  • Ensuring our office is secure and access restricted 
  • Keeping contact information secure 
  • Ensuring that any security incidents that do happen are properly and robustly identified

ISO 27001 is not just about data security. The third principle “defines that organizations must ensure uninterrupted access to all crucial information that may be needed for daily operations. This principle could be challenged by numerous factors such as Denial-Of-Service attacks, cyberattacks, hardware issues, software issues, network failure, network crashes, human error, etc.” [2] 

For life science companies, rapid, uninterrupted access to data is crucial so key decisions can be made quickly, particularly in the clinical arena. Titian Mosaic software delivers uninterrupted access by selecting the technologies and infrastructure it is built on in line with best practices, by using secure Application Programming Interfaces (APIs), and by extensively testing speed and reliability in-house.  

Edmund Wilson, Chief Product Officer, says “Secure data access is a key part of sample management. Our ISO 27001 compliance demonstrates that we continuously evolve our software to the changing security environment and meet new customer requirements.” 

Click here to download Titian's ISO 27001 Certificate, or visit our IT information page to learn more about our security practices.

 

References: 

[1] https://www.fortinet.com/solutions/industries/pharma/cybersecurity-challenges-in-the-pharma-industry  

[2] https://www.itgovernance.co.uk/iso27001-benefits  
