Clinical Trial Information Security

Exceeding Information Security Standards

ISO/IEC 27001:2013 certified

ISO/IEC 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC).

PPD achieved this distinctive certification for our comprehensive view of security, including information and data security and physical security of employees, facilities and assets. The ISO/IEC 27001:2013 certification is a powerful mark of our commitment to keeping your assets secured.

Providing confidence in your clinical data and system security

We are built on a solid foundation of information security. Our information security measures continuously advance in accordance with client requirements, industry best practices, data protection laws, and regulatory requirements on data security. We focus on three main areas to ensure the highest level of security for your information, data and systems:


PPD has a continuous information security training campaign that provides constant awareness of security concepts. To apply these concepts, PPD tests employees through a phishing simulation program and provides remediation if needed.
PPD also requires annual information security training for every PPD employee to promote awareness regarding human susceptibility to cyber threats and appropriate use of technology.
PPD has incorporated administrative controls within standard policies and procedures that include industry-leading risk management practices.
PPD has implemented advanced risk management procedures to identify and treat risks that are associated with critical technology systems and sensitive data.
PPD uses a defense-in-depth approach that offers multiple layers of security controls.

CSO50 award winner

PPD was named a CSO50 award winner for information security initiatives demonstrating outstanding business value and thought leadership.

Adhering to all applicable standards

  • FDA and EMA regulations
  • GDPR data privacy requirements
  • 21 CFR Part 11 compliance
  • US government security standards
  • ISO 27001

Our difference

  • Executive-level involvement in information security through an oversight committee
  • Focus on continuous employee education and training, as well as third-party and internal risk management
  • Committed to using the best available technology to monitor for threats
  • Risk assessments and risk management on vendors and for cloud-hosted and on-premises systems
  • Ongoing internal and external control testing to assess information security controls
  • Meet stringent US government security standards and perform regular security evaluations against those standards

Privacy notice

The company maintains a comprehensive information security policy that seeks to apply technical and organizational security measures that protect personal information, particularly sensitive clinical data, against unauthorized access or loss. Consistent with regulatory requirements, particularly under U.S. state law and the Regulation, PPD also maintains a detailed Security Breach Policy, which establishes a procedural response to dealing with any breach of personal information, including making any necessary notifications to individuals or governmental authorities.

During times of challenge and beyond

PPD has always invested in innovative solutions to support your changing business needs, and our approach remains the same during the unprecedented changes brought by COVID-19. Your business continuity, privacy and data integrity are our top priority.

COVID-19 business continuity


PPD ensures the highest level of security for your information, data and systems,