Cybersecurity Response

It is of utmost importance that organizations protect the data they produce. Most organizations store their data in electronic format on electronic systems, which exposes it to cyberattacks through potential vulnerabilities in hardware and software. Organizations address this in many ways, implementing security measures through technical and procedural controls. This is a constantly evolving field, and many parties must be involved when implementing, validating and operating GxP systems that create, control and/or store electronic records and data. A few notable methodologies have been suggested for incorporating cybersecurity into the validation of GxP systems in accordance with GAMP, NIST, ISACA and ISO standards.

Currently, ISPE is working with ISACA to create cybersecurity guidance for the industry. Once complete, this guidance will outline measures and controls (procedural and technical) that should be implemented to ensure data integrity and security of electronic records and data. The guidance should also cover ongoing management of cybersecurity including, but not limited to, personnel and their roles, secondary systems that ensure ongoing cybersecurity, and periodic security testing (such as penetration testing). The challenge is in ensuring that these measures are effectively integrated into the existing processes outlined in the organization’s quality management system (QMS). Consideration needs to be given to first integrating cybersecurity into risk and/or criticality assessments, then downstream into system security testing during qualification and/or validation activities.

As the technological landscape evolves, organizations must be more effective in their implementation of cybersecurity measures to ensure the safety of their electronic records and data. These measures must be considered as part of the QMS for all activities involved in the lifecycle of a computerized system. As we wait for the new ISPE guidance, organizations can begin to implement cybersecurity measures in accordance with NIST, ISACA and ISO standards (if they haven’t already). Threats will always exist. The more prepared we are, the safer our data will be.
