Tackling Data, Physical, and Cybersecurity in Pharma Shipping

Show Notes

In this Pharma.Aero podcast episode, industry experts discuss tackling data, physical, and cybersecurity in pharma shipping.
 
Join Frank Van Gelder and his guests
Tanguy Bullier, Health Safety Security Environment Director for EMEA at WFS
Nicola Caristo, Senior Quality Manager at SkyCell, also project expert - Pharma.Aero Security Standards Project
to learn more about the rising need for cybersecurity and the current gaps in digital maturity across the cargo chain.

The conversation highlights the need for standardized, global security protocols, with new tools like digital twins and AI seen as promising but still developing. Proposing a "global security language," the guests argue for a shared security management system to build mutual trust. Importantly, they underline the role of human collaboration, suggesting that coordinated efforts are as crucial as technological advancements to improve security standards and ensure reliable, efficient pharma transportation.

Additional resources:
Pharma.Aero Security Standards Project aims to develop a new harmonised security standard that ensures the safety, integrity, and compliance of temperature-sensitive valuable pharmaceutical products throughout the supply chain. This standard will integrate and harmonise requirements across four critical security pillars: Aviation Security, Customs Security, Asset Protection Security, and Data Security.

Learn more about this project 🔎 Security Standards - pharma.aero - We connect pharma

Transcript

Security Standards Podcast

Frank Van Gelder: Welcome to our Pharma.Aero podcast, today with its main focus security. Security means a lot of things when it comes to transporting pharmaceuticals by air. We as Pharma.Aero are running a project which unfolds on four important layers: aviation security, customs security, asset protection security and data security. Today in this podcast we will give you a flavor of the topic, only as a starter. I am Frank van Gelder, your host, and today with me in the studio we have Tanguy Bullier, WFS. Tanguy is Health Safety Security Environment Director for EMEA and Nicola Caristo, project member of the Pharma.Aero Security Project, and Nicola is also the Senior Quality Manager at SkyCell.

Where should we start? Let's look first when it comes to technological solutions and data security. How technology can help in controlling pharma products and lately to prevent security issues. So I look at you first Nicola, you have been in our projects, what is your opinion on this? 

Nicola Caristo: Thank you very much, Frank. Indeed, I think that this topic will come more and more along our podcast. Our supply chain, especially the air cargo supply chain, but in general for the pharma supply chain, is very fragmented. So the need to be in control of the shipments along the way, starting from the shippers to the patient, is key. We definitely need tools, and nowadays especially IoT tools, in order to control and monitor the shipment. For sure we touch this point. Of course, Tanguy, you know a lot about that. I saw an improvement on our supply chain. We started years ago in simply monitoring the shipment because of the IoT and the tools. Now it's coming the need and we have the possibility to also to predict how the shipment is going to move or manage also the irregularity along the journey. For me, this is covering not only temperature because when we talk with pharma transportation of course we want to monitor in the temperature of the shipment but because we are talking about security even for the geofence is something absolutely critical, the critical control point along the journey so the responsibility linking this to the responsibility of the stakeholders and now is it possible because we have the tool in our industry to do it. 

Tanguy Bullier: To add upon what you were saying I would also highlight the fact that digging up more into information and providing a lot more information into the systems puts the whole system at risk from a cyber perspective and we also need to reinforce very strongly the cyber protection of those systems which are driving IoT and all the features which are associated with the follow-up of the shipments and their security updates. 

NC: You're absolutely right. I mean, this is indeed coming with time. Because of what we just said, the amount of data that we have to manage is terribly increasing, and even sensitive data. Because again, as I said before, we are not only as an industry to manage the operational data of the cargo, of the shipment, but most of the time also the data linked to the stakeholders involved. We have customs data, a lot of data even related to the cargo. And those are for sure sensitive data. And I think that this was where also the regulation and the pillars of the project are going to be helping us, because of course we need to be in control of those data. We need to protect it. Worldwide, we have even different regulation that we need to fulfill. For instance, in Europe we got the GDPR while in the States for instance there are other regulations and this is for sure a challenge for us as an industry but it's also a possibility, it's also helping us to speak the same language that for me it's even another important point. 

FVG: Speaking the same language, IOT devices we heard already many times that IOT is good as long as you keep it going and you don't switch it off and then it needs to be integrated in another platform, and then start to manage those data. So how new tools may impact on data management then and security, Tanguy? 

TB: Those new tools could have a strong impact on the data management, provided you train the people and you bring them to a certain digital maturity. And today we do not have the digital maturity in most of the cargo chain, and that's a big gap we need to bridge. 

FVG: Very interesting. 

NC: Indeed, we are in a pioneeristic era and moment in this very moment, but just to mention something, because we are talking about new tools. For instance, even here during the masterclass, Pharma.Aero masterclass, we discuss about that, right? Two topics, like for instance, digital twins and AI are for sure the most important two, maybe new tool if I can call it like that, that the industry started working on. It's very true, as you said, Tanguy, that we do not have yet the maturity. But this is, in my opinion, a big opportunity because if we set the project and if we agreed to collaborate, and Frank also you mentioned, right, to speaking, we said before, speaking the same language. So again, it's more that why we are doing this is because we not only want to be in control, but we want to avoid irregularities, we want to predict what is going to happen. And these new tools may really help the industry to do this. Yes, it is not mature yet, but we are on it. 

TB: I fully agree with you, Nicola. And we will bring, we'll improve the global trust into the chain while doing so. So this is very important to get into that direction. 

FVG: Very promising, actually, if you hear what can be done. And security is mostly a dry matter, but it becomes more and more tangible. Let us talk perhaps about physical security, right? What are the most important physical security measures in place, specifically for pharma products, of course? Also here, what are future trends there and innovation there? And I stay with you for a moment, Tanguy. 

TB: In terms of physical security today, there are plenty of tools which are currently implemented, like CCTV, the tracking of the packages and those kind of devices which are currently used everywhere. Now, in the future, what we expect to implement is new, more adaptive and more reactive tools which will be able to give more clarity and a higher definition of the transport chain and provide more accuracy in the data as well. 

NC: Indeed. I may add that in my view, when we talk about physical security, I think that the related technologies and tools are definitely more mature, in the sense that since from the beginning, and again, especially even as per my direct experience in the air cargo security, the cargo security industry is pretty strongly regulated in these regards. So we all know what we have to do, even as passengers, when we reach an airport, right? So for the cargo, it's a similar thing. But at the same time, I see some trend also there and innovation that, again, we may link even to the previous discussion. For instance, I want to give a practical maybe example. We know that the bad guys are also active to stole cargo, in particular pharma. We know the risk to have not only counterfeit pharma products, but even regular pharma that simply are stolen and then they are sold in the black market or in the internet, right? So being in control, for instance, of your perimeter or your facilities, it crossed my mind for instance, the facial recognition technology that may link to us as control. Of course, we may say that this is going also to trigger again regulation because it may affect the privacy. So there are a lot of points that need to be clarified. But if I can, to conclude, imagine also the future that what we are bringing now, what we are building now, is really maybe how to link this technology with the regulation, with the why we want to protect the cargo, and to create this ecosystem with tools and data. 

FVG: And it's physical security. And then the type of shipment brings me suddenly to a question. the new therapies that are coming towards us are very challenging. On top it's a pure document security check because you can't open the box, you can't touch the cargo. How do you see there the need for security standards? 

TB: I think there is a strong need for a global review and a better integration of the chain because today the actors are being quite fragmented and they're not always communicating correctly or fully communicating the information, so we need to secure those shipments from the start, from the beginning. 

NC: This is also very true, I also think in the same thing, just to give some again insight also to the audience maybe. When we talk for sure, this is the actual status of the industry in my opinion, when we talk to airport to airport, the chain is pretty in control. So, when the pharma product, even the one that you mentioned, Frank, that of course are very sensitive, because maybe are even related to a patient, right?, maybe Cell and Gene, whatever we want to mention. But we also have to cover the other two legs of the chain, right? From producer to the airport, and from the airport, nowadays, even to the patient, reaching home of the patient. So, this is even the challenge. The stakeholders are different, the technology may be different. And again, talking the same language is important. 

FVG: Fragmentation versus collaboration, we heard the word a lot and we keep on hearing it. A lot of people forget that it's a verb and you have to do it rather than talk about it. But how do you see a collaboration in the area of security standards? 

NC: This is a very nice topic. Even just to share, even personally, I'm very passionate on this. So I have a different perspective here. I mean, but give me also your feedback here. I see and I saw that typically the stakeholders, we wait for regulators. In the sense that our industry, especially the pharma industry and even the air cargo industry is very regulated, the regulators are there, and typically stakeholders wait for regulators, right, or simply apply the rules or the requirement that regulators are defining. Vice versa, I do believe that we can even have a bottom-up approach. Pharma.Aero is really the example where we can, as industry, stakeholders within the industry, can talk together, can create a project like this one, and can show to the industry itself, but at the very end to the regulators, that things can be done maybe in a different way, or technology can be immediately improved in a certain way. And at the very end, to conclude, regulators need the technical committee, need industry experts to even improve new regulation or finetune the actual regulation. 

TB: Yes, Nicolas, I fully agree with what you were saying. We had some quite recent examples of the industry being confronted to a new regulation with a new requirement coming from an external. Well, in that case, it was TSA taking a new emergency amendment and asking for additional security measures. And, as a result, in Europe, now we've got plenty of airlines and plenty of actors coming with specific measures. We are different from each other. So we have a lack of consultation and a lack of agreement of all the actors. So we really need to get a stronger focus on this topic. 

NC: Absolutely, absolutely, Tanguy. And also Frank, we discussed this in the past, right? Talking about Pharma.Aero project pipeline. And because this topic crossed my mind, the need to have more and more as industry a project management approach on this. Because I see the two levels here in the metrics. So, of course, we got the stakeholder collaboration and we are talking about regulation, right? The fragmentation, it's even in these two dimensions. I used to say, for instance, just to clarify also for the audience that practical and typical example is that the pharma company is patient-centric. So, all the requirements and regulation for the pharma company has really based on the safety of the patient. While the cargo industry is more safety-centric, maybe, or, you know, security centric because of the aircraft, because of other regulation that are more maybe custom, security and something like that. So we need to be able to have this clear and to again speak in the same language, to allow these stakeholders to collaborate together and for sure to conclude the regulatory framework is really a tool that we can use in order to identify the overlapping of common requirements that can be used in order to be compliant and to also enhance the supply chain in both worlds, but even the peculiarity, the specific requirements for each and every world, if I may say like that, or for each, even going deep in the granularity, even for each and every specific stakeholders. So I think that this is something that we can do and we have to do it. 

FVG: And it brings me to the relationship really with the regulator, right? We do a lot of times conferences or we do projects, but do you think and how can we do that, that we need to get more and more the regulator really with us at the table? 

TB: I think it's an important point Frank, because the regulators need to be made aware of what the industry is working on and the pharma industry is well ahead of the rest of the other actors, so we should lead them to this reflection and to think about what could be achieved and what could be improved into that matter. If I give you an example, we have plenty of different norms and different regulations which are touching on the same topic. And if we try and harmonise those regulations, bringing in the regulator and showing them the interest of having a harmonised approach, that will bring a lot of benefit to us all. 

NC: Indeed, and you're very right. Let me also come back to the point. You perfectly described how we can do this, harmonise and do it. Let me come back a little bit on the why. and because, Frank, even your question was very clear, so why the regulators should be involved, so what even we as industry experts can offer to them. And in my view, we need to generate value, and we are doing it. We as technical experts, and Pharma.Aero as a committee of technical experts, should be a big value for the regulators, because it's really helping them with the voice of the industry, but again, not in a political way, right, in a very technical way, touching the point of the existing regulator and the regulator that is coming possibly, again, linking to them, to summarise even the new technology that we were talking about, it's really a value for them and for the industry. 

FVG: Regulator part of the full value chain. This brings us to the end of this episode. Gentlemen, what would be your most important conclusions? 

NC: Since you're looking at me, Frank, but this is even me, let's say, as a person, I do believe, okay, we touched a few points. We started from the very technical aspect of IoT devices, tools and something like that, and security. So there is a lot of technicality in what we just described. But in my view, the human factor is still a topic, and it will be. Again, I like to underline the stakeholder collaboration and even this topic of speaking again, the same language, maybe it could be the motto of today's episode. Because again, we can have the best possible tools, IoT, you know, software, hardware, you name it. But if we are not able to work together as a team with a project management approach, with a clear goal, the why, the how, this is not going to work. So the human factor for me, it's an important one. 

TB: I would like to say as well that due to the fact that we are very fragmented and that we have plenty of different norms to apply, we should have a global approach. We should try and reinforce the trust into the system by implementing a security management system which will be shared by the different actors, because this is a very powerful tool which can enable all the actors to get a better trust, mutual trust. And that's a very important point. 

FVG: So, if I can wrap up, both what you're saying, gentlemen, is that you are asking us, actually, to speak the same global security language. Correct. I would like to thank our guests -- thank you, Nicolas, thank you, Tanguy -- and to our listeners, stay tuned to learn more about the Pharma.Aero project on security standards and check its progress on our website. If you enjoyed today's discussion, be sure to subscribe for future episodes where we'll continue to explore the evolving landscape of pharma logistics. My name is Frank van Gelder. Until next time, stay tuned, stay informed and remember the future of healthcare logistics is precision-driven.