Building a cybersecurity and risk department
TrialCard, a full-service life sciences commercialization company, agreed to make cybersecurity compliance a top priority in 2015 and immediately began building a complete security and risk program. After a great deal of planning, TrialCard’s leadership team decided to pursue the ISO/IEC 27001:2013 certification.
“At the time, in 2015, we knew that attaining the ISO 27001 certification was the gold standard and would set us apart from our competitors,” said Stan Kurpiel, TrialCard’s Chief Information Officer. “We knew this certification would provide our company with effective cybersecurity policies and procedures, a solid security infrastructure, and assurance to our customers.”
Leadership’s goal in establishing a certification plan was to lower TrialCard’s liability by showing better due diligence and having an aggressive roadmap for Cyber Security for the organization.
Everyone from the top down agreed we needed to keep A-LIGN as our auditor for all future certifications!”
Michelle AtchisonTrialCard’s Chief Compliance Officer & General
Making the call
When establishing a security team, Kurpiel hired Stuart Browy as Senior Director of Security. Browy was tasked with creating the Cyber Security Road Map and spearheaded the ISO 27001 certification project.
The first order of business in the Security road map was to search for authorized ISO 27001 auditors and A-LIGN immediately caught Browy’s eye. “It was a gut feeling,” said Browy. “When I came across A-LIGN, I did my due diligence and then placed a phone call requesting more information.” Adam Lubbert, A-LIGN’s Associate Director of ISO Delivery, returned Browy’s phone call.
“Adam really sealed the deal,” said Browy. “He assured our team that A-LIGN would help us through the process, as this was completely new for our company. I’ve completed ISO certifications for other companies and appreciate how intimidating the process can be.”
When comparing pricing, TrialCard felt A-LIGN was very fair and closely matched what they expected to pay for an ISO 27001 certification. Between budget and leadership’s immediate ease with the A-LIGN team, Browy was confident that TrialCard hired the best auditing firm for their needs.
Earning an ISO 27001 certification
Lubbert helped to lead TrialCard through the ISO 27001 assessment process. TrialCard built into its plan ‘Zero Trust’ and other additional security layers that ultimately helped the company to harden security protocols. In 2018, TrialCard successfully earned its first ISO 27001 certification without any major non-conformities. “The way Adam ran our meetings and communicated with our executive team was very impressive,” said Browy. “Everyone from the top down agreed we needed to keep A-LIGN as our auditor for all future certifications.”
The following year, in 2019, Lubbert was promoted within A-LIGN and began training a junior auditor. The TrialCard team found the other members of the auditing team to be equally skilled and experienced its smoothest audit yet.
Utilizing compliance management software
To streamline the auditing process, TrialCard began utilizing A-SCEND, A-LIGN’s proprietary compliance management platform.
A-SCEND saved TrialCard time by centralizing evidence collection requirements before evaluation and fieldwork. This approach for evidence collection reduced the total number of requests required from each audit by comparing common security frameworks and creating one request to address multiple criteria.
After TrialCard learned how to use the platform, A-SCEND streamlined the compliance process, consolidating and deduplicating efforts to save resources.
To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.
TrialCard Incorporated is a full-service life sciences commercialization partner that provides comprehensive solutions that span the entire biopharmaceutical value chain. In addition to a foundation of fully integrated, digitally enabled patient support services, its broader offerings include everything from late-stage clinical trial management to post-marketing HCP engagement services and proprietary data-as-a-service payer intelligence and insights. Founded in 2000, TrialCard provides commercialization needs for more than 400 life science customers and has connected nearly 36 million patients with more than $22 billion in branded drug savings to date. The company is headquartered in Morrisville, North Carolina.
For more information about TrialCard, please visit www.trialcard.com.