Serialization is intended to put a stop to medication counterfeiting. But what happens when unauthorized individuals succeed in getting their hands on valid serialization data? Reports of attacks on company IT security are becoming more frequent. Data security is therefore a central concern within serialization projects. As operators, pharmaceuticals manufacturers are required to ensure the security of their IT systems. Day-to-day practice however, shows that manufacturer‘s awareness of certain threat scenarios is not sufficient in many cases. Whilst people are mentally prepared for external attacks, such as illegal data tapping or nuisances such as ‘denial attacks’, attempts at internal manipulation are something they rule out and therefore disregard. From the inside however, it is relatively easy for unauthorized persons to gain access to serialization data in a poorly protected system. Any subsequent use of such data with counterfeit medication inevitably harms the manufacturer’s business.
For many serialization systems, security generally plays a secondary role because the providers often lack direct experience in this field. At Atlantic Zeiser, things are different. It possesses years of experience and expertise in software solutions for highly sensitive banknote and security printing. This background is reflected in MEDTRACKER’s highly secure architecture – a unique serialization and track and trace solution for the pharmaceuticals market. Security is ensured on three levels: in the database and application server, in production networks and in external communications. By attending to all three levels, MEDTRACKER clearly stands out from its competitors.
A core aspect of the solution is ’key management’. The application can call up cryptographic algorithms from an appropriate library and use them to secure data transfers or create or store keys. For server security, this means that permanent data are stored in a securely encrypted form. Moreover, security-related measures, such as changing GMP data, are recorded in an audit trail that is secure against manipulation. Encryption between the server and the workplace computer ensures security in the production network. In addition, system access is password-protected for the user and version control checks that all applications are authentic. Communications with external systems can be encrypted by means of cryptographic algorithms.
In addition, the architecture stipulates the methods of data exchange that are allowed and rules out direct communication between workplace computers – only communication by way of the server is allowed. This makes internal data manipulation without an audit trail practically impossible. If you want to be secure in your serialization, you should make sure that the software fulfills security requirements at the server, production network and external communications levels.