Over the past 18 years, Forte has continued to grow and mature the solutions and support we provide our customers at academic medical centers, cancer centers, health systems and more. As a result, we’ve worked hard to continuously improve and adapt our policies and procedures to meet the industry standards expected of vendors in the research space and ensure our customers’ data is secure and protected.
Forte reached a new milestone in data security and product quality process enhancement this month by achieving International Organization for Standardization (ISO) 9001:2015 and 27001:2013 certifications. By meeting the extensive criteria set forth in these two standards, we affirm our commitment to delivering the highest level of data security and product quality for our customers. We’re very excited to receive these certifications and validate the hard work we’ve put into our existing processes to ensure our solutions meet the needs of our growing customer community.
Our decision to pursue ISO certification
As the healthcare industry continues to adopt cloud-based applications and the movement towards vendor-managed infrastructure broadens, we’ve seen a notable shift in organizational requirements: vendors must demonstrate that sound information security controls are in place before an organization entrusts them with managing its sensitive data. Alongside the numerous operational benefits to switching from on-premises, self-managed solutions to vendor-managed solutions, such as Forte Managed Infrastructure, the Forte team understands there must be a significant degree of trust between an organization and its vendor to ensure all organizational information is secure, protected, and accessible. When speaking with our customer community, we realized there was a need for us to formally validate our existing processes to meet their evolving organizational requirements for data security and product quality. As a result, we took the steps necessary to pursue external certification for both the ISO 9001:2015 and ISO 27001:2013 standards.
Based on the idea of continual improvement, ISO 9001:2015 ensures organizations have quality management system processes in place that confirm customer requirements are understood and implemented in the products offered and improve overall customer satisfaction. ISO 27001:2013 establishes comprehensive information security management system requirements and confirms an organization has documented and implemented the procedures and policies necessary to ensure comprehensive security controls are in place. Forte chose to pursue certification for these intensive ISO standards above other options to confirm our quality and information security management system meets industry best practices in these areas, as well as all requirements expressed by our customer community.
Years of preparation
Thanks to extensive internal and external audits conducted over the course of several years, we already had many of the necessary policies, procedures and technical infrastructure in place before deciding to pursue the dual certifications. Prior to deciding to pursue third-party ISO certification, Forte worked with external parties for several years to better understand and implement the industry-accepted quality and security controls required for compliant research solutions. These preparations and continual process improvements allowed us to expand the solutions we offered our customers and support compliance with industry standards, such as 21 CFR Part 11 and HIPAA.
When the decision was made in early 2017 to pursue ISO 9001:2015 and 27001:2013, we contracted an additional third-party organization to conduct a dual audit against these standards. Since we were already complying with many standard requirements for vendors supporting 21 CFR Part 11 and HIPAA in the life sciences/research arena, we were well positioned to gain certification by demonstrating compliance with both standards less than a year after the decision was made to move forward.
A collaborative effort
The process of achieving these certifications involved contributions from all Forte team members. Several team members contributed to the creation of our quality and information security management system, and all team members are required to comply with the documented policies and procedures put in place. The dedication and diligence of each individual at Forte allowed us to undergo concurrent audits and ultimately achieve a goal that typically takes organizations years to accomplish.
While these efforts were led by the Compliance and Regulatory Affairs team, many teams were instrumental in all aspects of the preparation and internal auditing of our processes, both as we pursued ISO certification and through the many years of process improvements and security system enhancements leading up to the audits. It’s not often that third-party auditors have the opportunity to sit down and speak with the individuals who actually wrote the documentation they are reviewing. The time and effort put into this process truly reveal how committed each Forte team member is to providing the best-quality, secure solutions possible in support of our customer community.