Pharmaceutical industry banking identity standard on PKI

Leading companies and agencies within the biopharmaceutical industry Wednesday released a proposed standard based on PKI for securing documents with digital signatures in an effort to satisfy regulatory requirements.

The Secure Access For Everyone (SAFE) initiative, which began late last year, was developed by the biopharmaceutical industry and government regulatory organizations, including Abbott, Aventis, Amgen, Bristol-Myers Squibb, Covance, GlaxoSmithKline, Johnson & Johnson, Eli Lilly, Pfizer, Procter and Gamble, the Food and Drug Administration (FDA), the European Medicines Agency (EMEA), the European Federation of Pharmaceutical Manufacturers Associations (EFPIA), and Pharmaceutical Research and Manufacturers of America (PhRMA).

The intent is to create legally enforceable and regulation-compliant electronic signatures for business-to-business and business-to-regulator transactions. The model is similar to that used by Identrus, which was started in 1999 by a group of financial institutions to secure transactions.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Leading companies and agencies within the biopharmaceutical industry Wednesday released a proposed standard based on PKI for securing documents with digital signatures in an effort to satisfy regulatory requirements.

The Secure Access For Everyone (SAFE) initiative, which began late last year, was developed by the biopharmaceutical industry and government regulatory organizations, including Abbott, Aventis, Amgen, Bristol-Myers Squibb, Covance, GlaxoSmithKline, Johnson & Johnson, Eli Lilly, Pfizer, Procter and Gamble, the Food and Drug Administration (FDA), the European Medicines Agency (EMEA), the European Federation of Pharmaceutical Manufacturers Associations (EFPIA), and Pharmaceutical Research and Manufacturers of America (PhRMA).

The intent is to create legally enforceable and regulation-compliant electronic signatures for business-to-business and business-to-regulator transactions. The model is similar to that used by Identrus, which was started in 1999 by a group of financial institutions to secure transactions.

The proposed SAFE standard will help companies comply with the Food and Drug Administration regulation 21CFR Part 11, which governs electronic signatures and record keeping.

“The goal is to have a standard that in combination with business practices, hardware and software allows us to put secure digital signatures on documents,” says Alan Goldhammer, associate vice president for regulatory affairs at PhRMA. Goldhammer says the group is in the proof-of-concept stage with version 1.0 of SAFE. “We think this can be used to solve a great number of regulatory requirements where a signature is required,” he said. Eventually, the standard could be used for authors, reviewers, editors and others to digitally sign documents they create or alter.

Goldhammer says it could be another 12 months before use of the standard is widespread.

SAFE is notable because it is based on Public Key Infrastructure (PKI) technology, which has never lived up to its promise for creating an infrastructure for the secure exchange of identity using public and private keys.

For years, biopharmaceutical companies and regulatory agencies, which deal with mountains of documents during the development of new drugs, relied on a mish-mash of proprietary PKI technology, forcing companies to adopt each other’s technology to securely exchange and collaborate on electronic documents. SAFE is designed to replace that system.

SAFE organizers hope to create a single electronic signature standard for worldwide use, aiding in regulatory compliance, helping companies manage liabilities, and supporting electronic collaboration.

A number of vendors are working to support the standard, including content management vendor Open Text; Kyberpass, a provider of a server-side trust integration; and Arcot Systems, which provides a client-side digital identity plug-in. Currently Wells Fargo and the Royal Bank of Scotland are serving as Certificate Authorities, which are trusted third parties that issue, manage and revoke the digital certificates used as part of SAFE.