hajar sabuur johnson & johnson worldwide information security [email protected] june 16,...
TRANSCRIPT
Hajar SabuurHajar SabuurJohnson & Johnson Worldwide Information SecurityJohnson & Johnson Worldwide Information [email protected]
June 16, 2005June 16, 2005
www.safe-biopharma.org
What is SAFE?
SAFE – Secure Access for Everyone – is a Standard
Specifies technical, legal, and regulatory compliance standards
A non-profit association (SAFE-Biopharma, Association) to manage the SAFE Standard
The SAFE Standard delivers..
unique electronic identity credentials for legally enforceable & regulatory compliant access control and digital signatures across the global bio-pharmaceutical environment
The SAFE Standard applies to all..
business to business, and business to government / regulator transactions
© T
he N
ew Y
orke
r C
olle
ctio
n 19
93 P
eter
Ste
iner
from
cart
oonl
ink.
com
. All
rig
hts
rese
rved
.
Impact of Today’s Environment
The pharmaceutical industry spends over $1 billion per year on independent identity credentialing models
– Over 200,000 clinical investigators sites, 1,500 CRO’s, 1,000 university medical centers, and 1,000 medical labs (the total amounts to ~700,000 individual users) all use Independent proprietary credentials for remote access to information systems
Paper-based processes – Approximately 40% of all R&D costs are attributed to paper based business processes ($9 Billion in the US alone)– With global geographic locations & time zones, it can take between several days to even months to just obtain one
signature on a paper document
Paperwork = 31% of all health costs / $500 billion this year– Emergency Department: 1 hr. care/1 hr. of paperwork– Surgery & Inpatient Acute Care: 1 hr. care/36 min. paperwork– Skilled Nursing Care: 1 hr. care / 30 min. of paperwork– Home Health Care: 1 hr. care / 48 min. of paperwork
Without a legally enforceable and interoperable identity and digital signature solution, the health care industry cannot eliminate or reduce the loss in time or financial impact of paper-based
processes* New England Journal of Medicine, 2004
Key Points on SAFE
SAFE Provides:– Common credential for access control to internal or business partner systems– Replaces hand-written signatures with digital signatures creating legally
enforceable electronic records– Ensures data integrity of digitally signed documents
Basis:– Hardware based solution (smart card or other device)
• 2-Factor security: something you have and something you know– Closed user community based on mutually agreed legal rules to ensure global
enforceability among participating entities• Bridges local and regional differences in digital signature laws (state, federal,
European, etc)
One hardware device per person, which holds the digital identity
Simplified user environment
Common implementation standard across all biopharmaceutical companies
Clinical Site ExampleClinical Site Example
Pharma APharma B
NCI/caBIG Pharma C
Site IDPharma D
User ID/
Password
Current Environment
Goal
SAFE Environment
SAFE Participants
SAFE Members/Full Members: – Existing Members: Abbott Labs, AstraZeneca, Bristol Myers-Squibb,
GlaxoSmithKline, INC Research, Johnson & Johnson, Pfizer, Procter & Gamble, Merck, Sanofi-Aventis
– Ongoing Discussions: Eli Lilly, Schering Plough, Novartis, Genzyme, Wyeth, Quintiles, Akzo-Nobel/Organon
Government entity memberships in discussion: – National Cancer Institute (NCI), EMEA, and various EU Member State Agencies
Partners & Agencies– PhRMA (sponsor), EFPIA (sponsor), FDA (Reviewers for compliance), EMEA (will
sponsor SAFE Pilot)
SBCA Update
SBCA will be operational by mid July 2005– Cybertrust acting as the SBCA Operational Authority (OA)
– The SBCA directory LDAP only
– The SBCA OCSP Responder
SBCA test environment is available for SAFE Issuers.
Cross certification with the SBCA– Indicate the issuer is SAFE complaint - SAFE Accredited Issuer
– Request for Cross Certification after July 2005 SAFE 2.0
– Many SAFE Issuers will cross certify with the SBCA by end of year or early next year