Ensuring regulatory compliance for international pharmaceutical trial validation

Meeting data security requirements for US FDA, HIPAA, and IPSE GxP compliance

Our client, a fast-growing medical research company based in London, was collaborating with a US-based pharmaceutical company on a non-interventional clinical study. They were engaged to provide qualitative and quantitative data collection and analysis. To meet the stringent acceptance criteria set by the US Food and Drug Administration (FDA), they needed to showcase adherence to strict data control guidelines mandated by the Health Insurance Portability and Accountability Act (HIPAA) and IPSE Good Practices (GxP). These guidelines ensure the secure handling of patient health information, aligning with best practices in the healthcare and pharmaceutical industries. Although our client was compliant with UK and US data privacy regulations, they had limited exposure to the collation and management of clinical trial data, and budgetary constraints prevented them from investing in a prevalidated technology stack for this project.

Challenges faced:
  • Limited familiarity with clinical trial data security requirements.
  • Budget constraints on acquiring prevalidated technology.
  • Need for compliance with US FDA, HIPAA, and IPSE GxP standards.

RightCue’s approach to data security for international pharmaceutical trials

RightCue undertook a Computer Security Validation (CSV) to assess the client’s existing processes and systems. Our team provided advisory support to bridge identified gaps and ensure compliance with US data security standards. The objective was to validate their current processes and systems without the need for a significant financial investment.

Our comprehensive approach involved the following steps:

  • Comprehensive review: We examined the client’s existing policies, procedures, project proposal, and process documents.
  • Stakeholder interviews: In-depth interviews with the project team were conducted to gauge the effectiveness of implemented controls.
  • Regulatory alignment: The identified gaps were analysed against applicable HIPAA Security elements, GxP requirements, and 21 CFR standards.
  • Policy and documentation update: We assisted the client in updating their policies and documentation to address the legal requirements of the project.
  • CSV validation: A formal Computer Security Validation (CSV) was executed to ensure compliance with GxP and 21 CFR standards, and the findings were meticulously documented in a comprehensive report.

Reinforced trust: Establishing medical research data security

Our client can now confidently engage with any US-based client and demonstrate full compliance with US data security and protection standards within their sector. The formal report, detailing the validation processes and compliance measures, was shared with the project sponsor, ultimately contributing to the successful demonstration of legal compliance by the project team. As a result, they secured the prestigious project and reinforced their position as a trusted partner in the medical research domain. This case study highlights RightCue’s expertise in navigating complex regulatory landscapes and providing effective solutions to ensure legal compliance for clients in the healthcare and pharmaceutical industries.

What our clients think

“We began looking at how to get ISO 27001 certification and CSA Star Level 2. After an extensive search it became clear that while many companies stated they could deliver both, RightCue was the only business that met our requirements.

“The RightCue team were instrumental in the process – to be blunt, if there was no RightCue, we wouldn’t have been able to do this. Their knowledge of controls was outstanding, and they really understood our business.”


“We were keen to develop our IT security to the next level so we could expand our client base as well as giving existing clients further peace of mind. Working with RightCue has been a total pleasure. They are just lovely people and to us they are not only trusted advisors but they feel like part of our extended team.

"Working with RightCue has supported our growth as a business and given us the reassurance we need, knowing that our security and data protection is well developed and managed - that's thanks to RightCue.”


“In early 2021, the ATI established the FlyZero project, with ambitious targets and timeframes. RightCue were involved from the start, contributing ideas and sustainable solutions to keep the project data secure.

“RightCue are so supportive and helpful. They operate almost as a virtual CIO and worked with me on a long-term strategy for IT and security to ensure it remains fit for purpose as the business continues to grow.”


“Beyond the accreditations, RightCue have caused us to think harder. To develop a maturity for our cyber security – processes and ideas for the future, and to think beyond IT to the business implications. Would I work with RightCue again? Absolutely, without hesitation…”


“RightCue helped us to achieve our cyber security accreditations including Cyber Essentials and IASME. But it’s more than that - the protection and management of data is now very much at the centre of our business.

“The RightCue team are absolute stars. Nothing is too much trouble. If you need help with cyber security, you can’t go wrong with RightCue.”


"The team at Rightcue worked very closely with our internal team on our ISO27001 accreditation. They were extremely thorough and rigorous throughout the process, they acted professionally at all times and guided us through each step of the way to attain ISO27001. I would recommend Rightcue to help you achieve your security accreditations.”


"They don’t just do the job and leave. They are at the end of the phone and happy to advise and engage at any time if you need them. If you’re considering Cyber Essentials accreditation, I’d definitely recommend RightCue.”


"Whilst going for a computer security accreditation is never easy, the team at RightCue made it as painless as possible. They were clearly very knowledgeable and as helpful as they could be, given their role as a certification body…”


“There is no doubt working with RightCue saved me a hell of a lot of time. I didn’t have to spend ages researching solutions. I would say RightCue are a very dependable resource, and are reassuringly competent. A good choice if you’re looking to acquire security accreditations…”


“We have been hugely impressed with the team at RightCue. They are very approachable and incredibly knowledgeable... Achieving those accreditations was so much easier, by working with an experienced and accomplished team of professionals, such as RightCue…”


“Having confidence in recommending them to our clients has allowed us to concentrate on playing to our strengths.

“All of the RightCue team are very helpful and very willing to go the extra mile. They are very committed to delivering a good service, and that’s why we are always happy to refer them.”


Get in touch with us

If you need data compliance advice or support, contact our team of friendly experts to discuss your needs. Our team can guide you through the intricacies of data security and protection standards, ensuring your organisation meets the highest standards of compliance.

+44 (0)1256 260 780