Sign on the digital line: Case study
Biopharma companies need a secure digital signing infrastructure. SureClinical found an answer for them, reports Greg Masters.
Biopharma companies need a secure digital signing infrastructure.
SureClinical is new to market with health science cloud application deployments in 12 global data centers located in the Asia-Pacific region, Europe and North America. It supports multi-site, multi-location customers with its cloud software for the management of global clinical trials. SureClinical has its primary headquarters in Rancho Cordova, Calif., and is opening another office in London to support its European customers.
“Our customers are managing clinical trials in the highly regulated biopharma industry,” says Zack Schmidt, founder, president and CEO of SureClinical. “They are collecting regulatory documents that need signatures.” Due to requirements for digital signing imposed by the U.S. Food and Drug Administration (FDA) and the European Medicine Agency, biopharma companies need a highly secure digital signing infrastructure.
Instead of sending documents out for signing via overnight delivery services, SureClinical customers are electing to complete digital signatures through the use of the company's cloud digital signing services, Schmidt explains.
The search began for a solution that would enable customers to optimize this task and ensure secure transactions. SureClinical's executive, security and engineering teams worked together on an extensive review of available options, says Schmidt. First his team set up requirements around what was needed. The system had to have FIPS-140 Level 3 high-trust security for storage of credentials. It had to be a hardware security module (HSM). His team also required the ability to support millions of signing transactions a day, so the hardware had to support big amounts of throughput as well as the ability for failover and very high reliability.
“One of the key things we needed was a mean time between failure on the order of hundreds of thousands of hours,” Schmidt says.
He also needed something in the cloud that could scale with the growth of the organization. As his team added new users, the solution needed to be able to scale gracefully. “Our users needed the ease and convenience to be able to access the solution and start signing securely right out of the box, and to do it from familiar tools, like a mobile phone,” Schmidt says.
Another thing that was important was support for APIs. The flexibility and support for different kinds of programming languages was critical.
Schmidt's team looked at a number of options but had concerns. USB solutions were unacceptable for doctors. “No one wants a USB device that plugs into his or her laptop for signing,” he says. The team looked at another solution which, Schmidt says, was good but not as reliable as what was needed. Plus, it lacked the capability to scale the way Schmidt and his team required.
Then they discovered the Thales nShield HSM. “The Thales unit was the only unit with the mean time between failure we needed, and support for millions of users and millions of transactions. It superseded everything. We were really happy to find that solution.”