SureClinical Speeds and Simplifies Pharmaceutical Trials – With Thales HSMs Securing the Root of Trust
How a Startup Is Helping Pharmaceutical Companies Bring New Drugs To Market Faster And More Cost-Efficiently Through a Secure, Cloud-Based Document Solution.
The Challenge: Find a Way to Secure Clinical Documents in a Highly Regulated Industry
SureClinical wanted to bring the pharmaceutical trial process into the 21st century. Drug trials historically were a slow, paper-intensive process, relying on hundreds of clinical investigators across the globe to print, fill out, sign and physically ship the documents required to populate data in a clinical study for a new drug. The cost in labor, shipping, paper and document handling was enormous. SureClinical envisioned a cloud-based solution that would allow pharma companies to eliminate paper, share documents easily, automate document handling, and capture regulatory-compliant signatures on hand-held devices – the tablets and smart phones that most clinicians prefer. This new technology would accelerate speed to market – a critical competitive advantage in an industry with a 20-year patent cliff – and it would save many companies hundreds of thousands of dollars in shipping costs alone. But there were significant security challenges to address.
Above all, SureClinical needed a solution that pharmaceutical and healthcare companies would trust. With $50 billion per year in fraudulent paper-based transactions, the medical records industry is prone to substantial vulnerability and risk. It’s also one of the most highly regulated industries in the world. Pharmaceutical companies developing new medicines are subject to the strictest standards of security and privacy, and are audited regularly. While SureClinical knew that pharma companies would be attracted to the savings in cost and time its solution promised, it also knew that adoption of this new model of document handling was out of the question unless there was a strong root of trust in the digital signature process.
The Solution: Digital Signing Solution Powered By Thales HSMs
SureClinical solved this trust and security challenge with a solution that works with the built-in Adobe document signing/verification technology and is secured in the cloud with Thales Hardware Security Modules (HSMs). It is the first such cloud-based digital signing solution to win U.S. Food and Drug Administration (FDA) and European Commission compliance validation for use in pharmaceutical trials, and has secured SureClinical’s inclusion in BioSpace’s list of the Top 30 Life Science Startups to Watch in the U.S.
To securely authenticate users and share documents that include patient information and intellectual property, the SureClinical solution needed X.509-compliant certificates protected by a FIPS 140-2 Level 3 HSM that could be independently verified by any third-party recipient, with an audit trail available for all signing transactions. Based on digital certificate technology secured by a Thales nShield Connect HSM, the solution requires signers to have the right mobile phone, the right PIN, and the right username and password before they are allowed to digitally sign a document with their HSM-protected private signing key – significantly reducing the possibility of fraud. Clinicians around the world are able to use tablets and smart phones to sign documents at the point of origin, speeding the process and providing greater convenience. Copies of the digital certificate are kept in the HSMs, which reside in data centers that are audited to FDA 21 CFR Part 11, European Commission Annex 11, and HIPAA standards.
With Thales HSMs securing the root of trust, SureClinical’s patent-pending cloud digital signing solution is helping pharmaceutical companies save as much as $200,000 per year in shipping charges, accelerate time to market, and speed the development of new drugs.
- Implement secure digital signing with high-availability solutions appropriate for your most critical processes
- Support the most demanding online applications and transaction volumes with high performance capabilities
- Enforce policies requiring separation of duties, strong authentication for administrators, and quorum-authorized signing operations by employing fine-grained security controls
- Accelerate deployments with out-of-the-box integration with commercial solutions as well as standards-based APIs for custom integrations
- Streamline auditing and compliance reporting by utilizing globally respected product level security certifications such as FIPS 140-2 Level 3
After initially working with a competitor’s product, SureClinical ultimately chose Thales HSMs to secure the root of trust for several reasons:
- Trust. SureClinical knew its solution wouldn’t be acceptable to customers without strong trust in the authentication process. Thales HSMs and the Thales brand provided the assurance and strong cryptographic technology that pharmaceutical companies required in order to place their trust in this innovative solution.
- Scalability. With the need to eventually accommodate up to 50 million users, scalability was a critical factor in choosing Thales HSMs, which can scale to handle high levels of transaction volume. The Thales architecture is designed for easy scalability, allowing the HSMs to be distributed across SureClinical’s twelve global data centers.
- Reliability. SureClinical required a solution that would be responsive and reliable, in order to allow people all over the world to efficiently and confidently sign documents, and the proven reliability of Thales HSMs filled the bill.
- Certification. Thales provided the standards compliance, including the critical FIPS 140-2 Level 3, that was needed for regulatory requirements and for SureClinical’s patent-pending high trust digital signing with multifactor authentication for mobile and web devices.
- Ease of use. The nShield Connect is easy to set up, configure and manage.
- Support. The Thales pre-sales and support team were able to get SureClinical up and running very quickly, integrating the custom software application using a Java JCE interface even before the purchase was complete.
About The Solution
Thales HSMs provide a hardened, tamper-resistant environment for performing secure cryptographic processing, key protection, and key management. With these devices you can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and best practices – while also maintaining high levels of operational efficiency.
Thales HSMs are certified by independent authorities, establishing quantifiable security benchmarks that give you confidence in your ability to meet compliance mandates and support internal policies. Thales HSMs are available in multiple form factors to support all common deployment scenarios ranging from portable devices to high-performance data center appliances.
With Thales HSMs You Can:
- Deliver certified protection for cryptographic keys and operations within tamper-resistant hardware to significantly enhance security for critical applications
- Achieve cost-effective cryptographic acceleration and unmatched operational flexibility in traditional data center and cloud environments
- Overcome the security vulnerabilities and performance challenges of software-only cryptography
- Reduce the cost of regulatory compliance and day-to-day key management tasks including backup and remote management. With HSMs from Thales, you buy only the capacity you need and can scale your solution easily as your requirements evolve