Digital Signatures and Identities Fuel Collaboration
By Ann Neuer
October 23, 2014 | It’s been years since biopharmaceutical companies were one-stop shops, where all aspects of clinical R&D took place under one roof. Strategic partnerships have been popping up to help sponsors share risk and offload non-core functions, and to make these partnerships work, stakeholders are exchanging sensitive cloud-based information as part of their daily routine, often across the globe. As a result, the biopharmaceutical industry is increasingly relying on digital signatures to authenticate and securely share documents.
These signatures are based on cryptographic methods of originator authentication as described by the Electronic Records; Electronic Signatures Rule, commonly known as 21 Code of Federal Regulations (CFR) Part 11. They are computed using a set of rules so the identity of the signer and the integrity of the data can be verified. According to Vijay Takanti, Vice President of Security & Collaboration Solutions at Exostar, a trustworthy digital signature must have three characteristics: authentication that an individual is who he says he is; the ability of the signer to understand the context of his or her actions; and the ability of the signature to have the same significance in the legal world as a wet signature.
An indication of digital signatures’ growing importance is that the European Medicines Agency began using them in September 2013 on outgoing documents that require a legally binding signature. This effort supports the Agency’s strategy of increasing electronic document-only exchanges between the Agency and industry. Digital signatures are also accepted by the Food and Drug Administration on submissions sent through the Electronic Submissions Gateway.
With the industry’s increased reliance on digital signatures, it is more crucial than ever to use a recognized standard governing their use. The SAFE-Biopharma Association offers a global digital identity and digital signature standard that is widely used in the biopharmaceutical industry to facilitate paperless transactions. This standard assures a high degree of trust in cyber-identities, and requires the individual’s digital credential to be based on a process that establishes a close bond with that person’s identity. The identity credential resides as a digital certificate in a computer, on a token or in a highly secure hardware module in the cloud and is accessed by mobile devices. Moreover, the standard is interoperable among federal agencies and numerous companies.
Mollie Shields Uehling, President and CEO of SAFE-Biopharma
SAFE-Biopharma has seen the role of digital signatures gaining importance as more complex research partnerships are launched, often through cloud-based document sharing platforms. “As a result, many stakeholders are coping with multiple online identities, a highly redundant, often non-secure system of identity and access management,” says Mollie Shields Uehling, President and CEO of SAFE-Biopharma. “When companies start moving processes to the cloud, signatures are required on electronic documents, so it makes sense to adopt processes that can standardize these changes.”
This is where Exostar, a provider of cloud-based collaboration communities and identity credentials, steps in, allowing life sciences companies to facilitate sharing of information, ultimately streamlining clinical operations. The company’s Life Sciences Identity Hub enables internal and external stakeholders such as researchers, contract research organizations (CROs), and regulatory agencies to quickly and cost-effectively gain trusted access to each other’s intellectual property. The company claims that currently, this solution allows safe collaboration among 500 organizations and 12,000 individuals worldwide.
“Our hub controls access to sensitive information by authenticating identity credentials,” says Takanti. “This capability is critical as collaborations are increasing and people are using digital media more often to send documents across national boundaries and time zones.”
Takanti explains further that it’s not just about the number of collaborations, but the depth of collaboration, which includes sharing custom applications, analytics, and proprietary toolsets to gain insight into ongoing clinical trials. Furthermore, collaboration is no longer limited to information exchange between two stakeholders, but a matrix of stakeholders, each with its own safety concerns, protocols for handling safety issues, firewalls, and portals. “In a large scale collaboration, it becomes complex, resource intensive, and costly to handle all of the collaborations. People want each participating company to manage its own employees and infrastructure, but what you really need is a governance, a set of rules to which all of the parties agree. Without this, people are stuck using multiple passwords and taking several steps to access the necessary information, instead of a single sign-on,” Takanti notes.
Vijay Takanti, Vice President Security & Collaboration Solutions at Exostar
In September, Exostar was approved as a Full Service Credential Service Provider (CSP) by the SAFE-BioPharma Trust Framework. This designation allows Exostar to issue what are known as National Institute of Standards and Technology Level of Assurance 3 non-public key infrastructure electronic identity credentials, which are compliant with the global SAFE-BioPharma digital identity and digital signature standard. These credentials can be used to authenticate cyber identities to most online services in the highly regulated biopharmaceutical industry.
“This approval is significant for the industry as currently, we are seeing dynamic growth in the use of authentication,” says Shields Uehling. “This is a reflection of companies moving processes to the cloud in a major way.”