Questions for Stakeholders forming a local NMVO

The imminent publication of the Delegated Act will set in motion a number of key events and decisions for the members of NMVO’s across Europe. These important organisations have a lot to consider and evaluate. We appreciate that their knowledge of all the detail related to the implementation of the FMD may not be complete. This is not a criticism but more statement of understanding. We live with the details of authentication every day, members of NMVO’s have other responsibilities and demands on their time.

To help us work together we would like to share our thoughts and expertise in a way that will be more beneficial to NMVO members. We think this is a series of questions that will allow the NMVO to build an assessment process that enable them to secure the authentication service that they want and need for their country and its citizens.

We believe that there are three distinct areas that NMVO’s need to focus on with their decision making. These themes allow the NMVO to assess the suitability of their authentication service against their own responsibilities, requirements and accountability. Without knowledge of what is expected of themselves they cannot set in place criteria to judge their suppliers and partners by.

For ease of use we have divided the questions into two parts. The first section covers issues related to:
Security & Responsibilities plus Service & Operations.

The second section will deal with Governance, Finance & Legal.

Security & Responsibilities

1)      Is the NMVO responsible for the security of its service?
2)      How does the NMVO authenticate all of its users every time they use the system?
3)      How does the NMVO encrypt all communication to/from the users?
4)      Who are the users of the system?
5)      What is the damage to manufacturers if the database where the codes are held is compromised? What is the damage if no one finds out?
6)      What will the pharmaceutical companies do if the system is not ready in 2017? In 2018?
7)      Do the pharmaceutical companies understand the regulatory requirements? How long have they had to study them? What are they doing now?