Clinical Trial Information Security

Providing confidence in your clinical data and system security

We are built on a solid foundation of information security. Our information security measures continuously evolve in accordance with client requirements, industry best practices, data protection laws, and regulatory requirements on data security. We focus on three main areas to ensure the highest level of security for your information, data and systems:

People. Process. Technology.

The PPD™ clinical research business of Thermo Fisher Scientific has a continuous information security training campaign that provides constant awareness of security concepts. To apply these concepts, we test employees through a phishing simulation program and provide remediation if needed.
We also require annual information security training for every employee to promote awareness regarding human susceptibility to cyber threats and appropriate use of technology.
We have incorporated administrative controls within standard policies and procedures that include industry-leading risk management practices.
We have implemented advanced risk management procedures to identify and treat risks that are associated with critical technology systems and sensitive data.
We use a defense-in-depth approach that offers multiple layers of security controls.

Exceeding information security standards

ISO/IEC 27001:2013 certified

ISO/IEC 27001:2013 is an information security standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC).

We achieved this distinctive certification for our comprehensive view of security, including information and data security and physical security of employees, facilities and assets. The ISO/IEC 27001:2013 certification is a powerful mark of our commitment to keeping your assets secured.

CSO50 award winner

We were named a CSO50 award winner for information security initiatives demonstrating outstanding business value and thought leadership.

Adhering to all applicable standards

  • FDA and EMA regulations
  • GDPR data privacy requirements
  • 21 CFR Part 11 compliance
  • US government security standards
  • ISO 27001

Our difference

  • Executive-level involvement in information security through an oversight committee
  • Focus on continuous employee education and training, as well as third-party and internal risk management
  • Committed to using the best available technology to monitor for threats
  • Risk assessments and risk management on vendors and for cloud-hosted and on-premises systems
  • Ongoing internal and external control testing to assess information security controls
  • Meet stringent US government security standards and perform regular security evaluations against those standards

Privacy notice

The company maintains a comprehensive information security policy that seeks to apply technical and organizational security measures that protect personal information, particularly sensitive clinical data, against unauthorized access or loss. Consistent with regulatory requirements, particularly under U.S. state law and the Regulation, we also maintain a detailed Security Breach Policy, which establishes a procedural response to dealing with any breach of personal information, including making any necessary notifications to individuals or governmental authorities.

During times of challenge and beyond

We have always invested in innovative solutions to support your changing business needs, and our approach remains the same during the unprecedented changes brought by COVID-19. Your business continuity, privacy and data integrity are our top priority.

COVID-19 business continuity

Learn more about clinical trial data security

We ensure the highest level of security for your information, data and systems,