Digital Health & Pharma

Digital technologies are integral to daily life and there is immense scope for the use of digital health solutions and automation. While these new fields of application bring benefits, they also bring new challenges.

Cyber security of patient data, operational safety and security of critical automated and connected devices, and the safety, fairness and neutrality of artificial intelligence based systems are paramount to the success of those applications and systems.

CertX may help you in assessing and mitigating those risks in pharmaceuticals and critical medical devices, incl. AI and S/W applications.


CODEMA Protocols

With the increasing complexity of materials, equipment and services used in the pharmaceutical industry, it is becoming more and more difficult to control the quality of suppliers and their products using solely in-house resources. On the other hand, the advent of personalized medicines presents never-before-seen challenges: equipment is used that was never designed to fulfill GxP requirements (see the case of CAR-T therapies).

The CODEMA protocols, developed by its experts together with the University of Applied Sciences and Arts of Southern Switzerland (SUPSI), offer proprietary evaluation and certification protocols for blockchain and cloud services, to evaluate them against compliance and best practices:


  • Evaluation of Blockchain technologies being used – Codema RP 2100
  • Evaluation of cloud services – Infrastructure as a service Codema RP 2200/1
  • Evaluation of cloud services – Platform as a service Codema RP 2200/2
  • Evaluation of cloud services – Software as a service Codema RP 2200/3

For each protocol we offer 2 different levels of assessment:

  1. Pre-evaluation: This is based on a self-assessment evaluated by our experts and a report defining areas of compliance and non-compliance (if any) as well as recommendations.
  2. Full and extensive evaluation (after stage 1 is completed): Our expert will run through the protocol in an audit (on-site or remote) to independently evaluate the implementation of the protocol. As a result you will receive a full report of the evaluation and in case of no open non-conformities.

Stage 1 can be done independently of whether stage 2 is requested later on or not.


For further details or a quote, please contact us via the project request form below.

For a quotation for stage 2 we would need the number of employees and the number of different sites, which you may specify in the request description.


Your project request – contact us

Please fill in the template below for any request you may have. Leave fields empty in case you are not sure or cannot provide the information. We will be happy to get back to you and find out the necessary info in a call or videoconference.

    To get you in touch with the right expert you may further specify the service or request. In case you are not sure, please leave it open; we will contact you shortly.

    Attachments such as project documents or other relevant information if deemed useful.
    (File Type: pdf, docx, doc, xls, xlsx, ppt, pptx / Size Limit: 20 MB)

    As an accredited certification and inspection body we are bound to professional confidentiality regardless of whether a non-disclosure agreement is in place or not. Your data will be treated with utmost care and deleted upon your request.

    For more info on the generic management system certification process please see here; more details on the Codema Protocols can be found here.

    Cyber security for healthcare solutions and medical devices

    In today’s electronic world, cybersecurity in healthcare and the protection of information are vital for the normal functioning of organizations. Many healthcare organizations have various types of specialized hospital information systems, as well as heterogeneous medical devices, to manage. In that context both IT (Information Technology) and OT (Operational Technology) assets are considered critical from different perspectives, incl. human safety, and require the implementation of best security practices by all stakeholders involved in development, integration, operation, and maintenance activities.

    Relevant US and EU authorities recently developed new regulatory frameworks and guidance for implementing best security practices. Depending on the stakeholder’s role, different reference documents and requirements have been derived from generic State-of-the-Art documents such as the ISO 27000 standard series for information security, or the ISA/IEC 62443 standard series for operational cyber security (incl. medical devices).

    The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience.

    Cybersecurity is much more than an IT topic.

    Stéphane Nappo, Vice President – Global Chief Information Security Officer, SEB Group


    A broad service portfolio for tackling end-to-end cybersecurity needs

    To support customers in implementing best security practices, and ultimately complying with State-of-the-Art methods, the CertX Cyber Security Team provides a range of services to accompany organizations along their roadmap for secure development and operations, based on four streams:

    • Awareness & Education for preparing your team to apply the best security practices required from operators of essential services, derived from relevant regulations (e.g. EU-MDR), applicable guidance (MDCG documents) or technical standard series (ISO 27000, ISA/IEC 62443)
    • Compliance check & certifications for evaluating your current products and/or processes, and validating them according to international references
    • Technical evaluation & Testing for challenging your products and/or infrastructure against attack attempts
    • Supporting services for accompanying your team on the right path for implementing best security practices


    Kilian Marty

    Head of Cybersecurity
    T +41 26 309 29 94