SAFE-BioPharma expands its digital-signature scope through a partnership with Exostar
Managing online credentials will streamline industry collaboration
At this week’s DIA meeting (San Diego, June 15-19), SAFE-BioPharma Assn. announced that Exostar, a leading provider of IT-security services to businesses including life sciences, will provide online identity credentials under the SAFE-BioPharma Trust Framework Provider (TFP) service. Specifically, Exostar will be able to meet Levels of Assurance 2 and 3 (LOA 2 and 3) for non-public key infrastructure (PKI) credentials. Exostar manages a 500-member Life Sciences Identify Hub already, but is by no means the only digital-signature service; Safe-BioPharma lists nearly 30 other organizations, ranging from Verizon to DocuSign to Cegedim Relationship Management as industry partners.
Some background: nearly anyone using an Internet-linked computer or mobile device is familiar with the log-on and password process; most of these are set up for use in proprietary or internal networks. To collaborate across networks—especially for clinical trials, supply-chain trading-partner relationships and the like, a method is needed to provide common “identity and access management” (IAM) procedures. Many Internet, telecom and business-IT companies have developed IAM programs; the federal government, including HHS, has established a FICAM (Federal Identity, Credential and Access Management) program as well.
Safe-BioPharma, based in Fort Lee, NJ, was set up as an industry nonprofit in 2003 to establish a common set of standards for IAM. Molly Shields-Uhling, executive director, tells Pharmaceutical Commerce that “it’s been slow going until recently, but now the credentialing process is getting a lot of industry attention.” She notes that having common credentials is becoming essential for the collaborations going on in clinical trials, and so the IAM practices of clinical research organizations need to meet standards like those of her organization. Safe-BioPharma doesn’t compete with the many private enterprises offering IAM, but coordinates and validates their practices.
