On 26 March 2007 the spouse of a sales person for the US pharmaceutical firm Pfizer loaded peer-to-peer file-sharing software onto a company laptop – inadvertently publishing some 2,300 ‘My Documents’ files. The accidentally shared data included names, social security numbers, addresses and telephone numbers for approximately 17,000 members of staff.
And according to Mollie Shields-Uehling, chief executive of the US-based. “for each new drug application there are between one and six million pages of paper that have to be saved by the company and stored for the life of the drug, plus some significant amount of time after the drug comes off the market. All the clinical trial data, all the case report forms, everything”.
If that wasn’t mountainous enough, many pharmaceutical companies work via intense collaboration with research partners around the globe. These partners in turn collaborate with others and may work for many clients at a time. There are constant battles with competing manufacturers, regulating bodies and counterfeiters, all taking time and money to combat and all requiring perfect evidence to prove a case against (see below).
Security is a challenging and ongoing process, says Tom Brown (not his real name), a CISSP-qualified information security professional working in the perimeter team of a major pharmaceutical company. There are “a lot of small laboratories doing business and a lot of small laboratories working together on one project. They must share data but at the same time might be working with a competitor,” he says.
Urs Wuergler, another CISSP, in charge of authentication at another major pharma company, says that VPNs (virtual private networks) are a critical technology in such an environment. “Pharmaceutical companies have thousands and thousands of medical reps worldwide – many of them hardly ever work in an office. If their VPN connections do not work, they cannot access any information because they don’t usually keep data on their local hard drive for security reasons.”
Yet the technology is not without its problems. Brown says his own VPN has growing pains and is challenging to control. “We have to set up the VPN with certain security requirements. Most of the time a smaller company will be flexible, but sometimes it’s challenging with larger companies. We are not really flexible; we have a policy and that’s the way it is.”
The bureaucracy can cause tension between business and IT, Brown adds. “Sometimes the policy is quite restrictive and it will take them a long time to become compliant. So they may say it’s proprietary data when it’s actually confidential, just because they want the link to be set up quickly.”
Compliance with policy causes more problems for Brown than the technology. He explains how some research labs have extremely sensitive equipment and are unable to risk running traditional security software. “They have hardware that can’t run anti-virus (AV) because they cannot afford to have any system that affects the data. And this lab has to be connected,” he explains.
“We have a segregated network, but most of the time this is where virus infections go from; they have this machine that is not running AV and they do some research on the internet. We have the policy, but if the end user doesn’t comply...” Brown says he would like more segregation on the network and is looking at Network Access Control systems, but the network’s very size and numerous international connections make changes difficult.
Phil Huggins, chief technology officer of UK-based security consultant Information Risk Management, agrees that a distinctive feature of pharmaceutical enterprises has been the importance of protecting intellectual property and the need to protect research and development networks from more closely interconnected manufacturing and production networks.
Yet of course the technology exists to enable the business, and Brown admits the nature of the beast means a risk-based approach has to be taken; sometimes a new partnership link is worth the risk. “Connections have to be approved by higher management and they are looking at how much money the research is worth. They will take the risk that if something goes wrong the business will be accountable rather than the IT department,” he says.
Shields-Uehling, its chief executive, says that four years ago the industry wanted to know what was preventing “beat electronic end-to-end processes without paper back up,” and the conclusion was the lack of a standard electronic identity, fully authenticated and non-repudiable, carrying the same legal weight as a “wet signature” on a piece of paper.
This is now in place and has been implemented in a large number of applications. “In order to do anything within a company it has to be regulatory compliant and it.
Related article:
http://www.infosecurity-magazine.com/features/sept07/pharmaceutical.html