Security Posts

Be Aware! Security Training and Employee Engagement

Tom Colgan, Director of Cyber Security, Pilgrim Quality Solutions, an IQVIA company

As agents of quality and compliance within the Life Sciences industry, we are all well aware of the importance of employee security awareness training in order to be compliant with various frameworks, laws, and regulations, including HIPAA. But in practice, does your organization’s awareness program simply “check the box,” or do you believe your efforts are having an impact?

Validated Cloud Solution… absolutely!

Ninoshka Ortiz, Senior Validation Specialist, Pilgrim Quality Solutions, an IQVIA company

Life Sciences organizations are increasingly searching for and shifting to cloud-hosted environments to increase efficiency and reduce costs. But to do so, those organizations must be able to select a cloud service provider that helps to assure the confidentiality, integrity, and availability of data stored in the cloud.

Cloud-hosted environments help Life Sciences organizations with validation challenges and ease the process of qualifying cloud infrastructure with emerging capabilities and tools. In addition to the methods and controls to support the achievement of continuous quality and regulatory compliance, these organizations are seeking ways to maintain their Quality Management Systems (QMS) in a secured and validated state.

EU-U.S. Privacy Shield Compliance: Get on Board

Tom Colgan, Director of Cyber Security, Pilgrim Quality Solutions

As we come up on the first anniversary of the EU Commission’s adoption of the EU-U.S. Privacy Shield framework, I wanted to take a few minutes to discuss Privacy Shield and its evolution. EU member states approved EU-U.S. Privacy Shield on July 8, 2016, followed by EU Commission adoption on July 12, 2016. The U.S. Department of Commerce started taking applications for EU-U.S. Privacy Shield on August 1, 2016. Since that time, over 2,000 business entities have submitted the proper registration requirements and been approved as EU-U.S. Privacy Shield certified per the published list on the Privacy Shield website.

Protect Your Assets with Web Application Security

Kumud Bhattarai, Director of Software Development & Enterprise Architect, Pilgrim Quality Solutions

In the era of applications that are either web-based or have some connection to web-based content, making applications secure is one of the most important factors that should be in the back of any system architect’s mind.

Every so often we hear big news about large companies getting breached and private information being stolen from the system. Most of these activities can be attributed to either human weaknesses (such as phishing attacks) or system weaknesses (such as zero-day exploits).

Vendor Data Privacy and Security Due Diligence – Don’t be “That Guy”

Lesa-Marie Mullen, Senior Legal Counsel, Pilgrim Quality Solutions

Maybe it’s a budget deadline. A price expiring. An important project timeline. The vendor is selected, the lawyers have finished dotting the I’s and crossing the T’s, and the pens are poised to ink the partnership into existence. Suddenly someone shouts, “But we need to do our data privacy and security due diligence!”

Identity and Access Management in Quality and Compliance

Stanley Curtis, CTO and Senior Vice President, Software Engineering, Pilgrim Quality Solutions

Identity and Access Management (IAM) has become a necessary part of enterprise IT and the security infrastructure of an organization. While mostly driven by security concerns, IAM also makes life simpler for the end user of enterprise applications. This is particularly true in today’s world of tight integration between disparate enterprise software and the continuing increase in the adoption of ‘Best of Breed’ SaaS applications.

Lessons Learned Integrating SAML SSO and WS-Federation for Federated Authentication

Leo Barcenas, Sr. Software Engineer, Pilgrim Quality Solutions

Last month we published the Basics of Federated Single Sign-On (FedSSO). This article discusses Single Sign-On for federated authentication in a bit more depth and explores what we learned by implementing and integrating SmartSolve with Identity Providers (IdPs).

FedSSO (Federated Single Sign-On) Background

Federated Single Sign-On is a combination of two concepts: Federated Identity and web-based Single Sign-On. Federated Identity is the ability to link different applications or services with their mutual users. It provides a way for partner services to agree on a common and shared definition about the identity of a user authorized to use a service. There is only a single credential for each user. Federated Identity provides a simpler and easier way for administrators to manage and secure users. It also makes it easier for users to manage their credentials.

Federated Single Sign-On: What you Need to Know

Kumud Bhattarai, Software Development Manager, Pilgrim Quality Solutions

What is Federated Single Sign-On (SSO), and why does it matter? Guest blogger Kumud Bhattarai explains the basics below. A follow-up post on how Federated Single Sign-On works with 21 CFR Part 11 and a quality management software system will be published next month.

A New Focus on Information Security

According to the FCC, American small businesses lose billions to cyber attacks annually, and 74 percent of small and medium businesses reported being affected by cyber attacks in the past 12 months. The average cost of these attacks for business, per incident, was $188,242. The most important step your company can take is securing your data. This is not only a good idea financially, but also from a legal and regulatory standpoint.

No information system is without vulnerabilities. Hackers, terrorists, viruses, spam, fraud, data theft, system failures, power outages and more can have a significant impact on an organization’s profitability and sustainability.