Building a cybersecurity and risk department

TrialCard, a full-service life sciences commercialization company, agreed to make cybersecurity compliance a top priority in 2015 and immediately began building a complete security and risk program. After a great deal of planning, TrialCard’s leadership team decided to pursue the ISO/IEC 27001:2013 certification.

“At the time, in 2015, we knew that attaining the ISO 27001 certification was the gold standard and would set us apart from our competitors,” said Stan Kurpiel, TrialCard’s Chief Information Officer. “We knew this certification would provide our company with effective cybersecurity policies and procedures, a solid security infrastructure, and assurance to our customers.”

Leadership’s goal in establishing a compliance plan was to lower TrialCard’s liability by showing better due diligence and having an aggressive roadmap for Cyber Security for the organization.

Making the call

When establishing a security team, Kurpiel hired Stuart Browy as Senior Director of Security. Browy was tasked with creating the Cyber Security Road Map and spearheaded an ISO 27001 certification.

The first order of business in the Security road map was to search for accredited ISO 27001 certification bodies and A-LIGN immediately caught Browy’s eye. “It was a gut feeling,” said Browy. “When I came across A-LIGN, I did my due diligence and then placed a phone call requesting more information.” Adam Lubbert, A-LIGN’s Associate Director of ISO Delivery, returned Browy’s phone call.

“Adam really sealed the deal,” said Browy. “He assured our team that A-LIGN would educate us about the certification process, as this was completely new for our company. I’ve completed ISO certifications for other companies and appreciate how intimidating the process can be.”

When comparing pricing, TrialCard felt A-LIGN was very fair and closely matched what they expected to pay for an ISO 27001 certification. Between budget and leadership’s immediate ease with the A-LIGN team, Browy was confident that TrialCard hired the best certification body for their needs.

Earning an ISO 27001 certification

Lubbert educated TrialCard through the ISO 27001 certification process. TrialCard built into its plan ‘Zero Trust’ and other additional security layers that ultimately helped the company to harden security protocols. In 2018, TrialCard successfully earned its first ISO/IEC 27001 :2013 certification without any major non-conformities. “The way Adam conducted our audit and communicated with our executive team was very impressive,” said Browy. “Everyone from the top down agreed we needed to keep A-LIGN as our certification body for all future certifications and compliance needs.”

The following year, in 2019, Lubbert was promoted within A-LIGN and provided us with another auditor. The TrialCard team found the other members of the auditing team to be equally skilled and experienced its smoothest audit yet.

Utilizing compliance management software

To streamline the auditing process, TrialCard began utilizing A-SCEND, A-LIGN’s proprietary compliance management platform.

A-SCEND saved TrialCard time by centralizing evidence collection requirements before evaluation and fieldwork. This approach for evidence collection reduced the total number of requests required from each audit by comparing common security frameworks and creating one request to address multiple criteria.

After TrialCard learned how to use the platform, A-SCEND streamlined the compliance process, consolidating and deduplicating efforts to save resources.

Next steps

To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.

About TrialCard

TrialCard Incorporated is a full-service life sciences commercialization partner that provides comprehensive solutions that span the entire biopharmaceutical value chain. In addition to a foundation of fully integrated, digitally enabled patient support services, its broader offerings include everything from late-stage clinical trial management to post-marketing HCP engagement services and proprietary data-as-a-service payer intelligence and insights. Founded in 2000, TrialCard provides commercialization needs for more than 400 life science customers and has connected nearly 36 million patients with more than $22 billion in branded drug savings to date. The company is headquartered in Morrisville, North Carolina.

For more information about TrialCard, please visit www.trialcard.com.