SAFE-BioPharma Association

1. SAFE-BioPharma Association • SAFE is a member-governed, not-for-profit enterprise that: • Manages and promotes the SAFE standard • Provides a legal and contractual framework • Provides technical infrastructure to bridge different credentialing systems • Provides SAFE identity credentials, both directly and through vendors • Supports vendors who supply SAFE-enabled products. • SAFE project initiated in November 2003

2. Pharma X Pharma C Pharma B Site ID User ID/ Password Pharma A Pharma D SAFE Key to Scalability • Current environment • Many Credentials • Access control Only • Physical paper signing required • High user complexity • High cost • SAFE environment • One Credential • Access control and eSignature • Eliminate paper signatures • Lower aggregate costs

3. SAFE-BioPharma Association • SAFE-BioPharma Association incorporated May 2005 • AstraZeneca • Bristol-Myers Squibb • GlaxoSmithKline • Genzyme • Johnson & Johnson • Merck • Nektar • Organon • Pfizer • Procter & Gamble • Roche • Sanofi-Aventis

4. SAFE Infrastructure

5. Pfizer: eLab Notebooks Regulatory submissions AstraZeneca: 150+ regulatory submissions via FDA’s ESG: 2252, 1571, 356h and eCTD GSK: eCTD submissions J&J: All J&J certificates are SAFE P&G: Enterprise digital signature 4,500 eLab Notebooks ePurchasing eHR – forms ePatent Filings BMS: External partner authentication Member Implementations

6. SAFE And The FDA • SAFE Member reps with QA/Compliance/Reg backgrounds • FDA key offices engaged since inception • Jointly-developed SAFE/FDA Auditor Familiarization Program • FDA statement on SAFE • Complies with appropriate guidance, especially as related to 21CFR11 • When used as the basis for implementation of a digital signature capability, the SAFE standard facilitates user compliance with 21CFR11 • SAFE-FDA Auditor/Compliance Workshop • Training audit of SAFE-signed submission The FDA’s goal is to eliminate paper from application receipt and review processes. A paperless application process must include legally binding electronic signatures.

7. SAFE EMEA Pilot • Participants • SAFE Evaluation Team: EMEA, GSK, Organon, Pfizer • SAFE EU Advisory Council • EU and Member State regulations • EU implementations • Next Steps • eCTD submission by SAFE member • Auditor workshop – EMEA and Member State Regulators The SAFE Evaluation Team (EMEA, EFPIA, Companies) determined that SAFE meets EU Electronic Signature and Clinical Trial Directives requirements.

8. SAFE Vendor Partners SAFE Partners • ARX • DataLabs • IntraLinks • Solabs • Open Text SAFE Premier Partners • Adobe • Aladdin • Arcot • Bearing Point • CoreStreet • Cybertrust • IBM • IDBS • Microsoft • Northrop Grumman SAFE Issuers • Citibank • Cybertrust • IdenTrust • J&J • BMS • P&G

9. Technical Current/Future Developments • FBCA cross certification • In progress, mid-2007 • Token-less Credentials • Simplify deployment to Research Partners

10. Johnson & Johnson PKI • Existing PKI Cross certified with SAFE September 2005 • Issued ~75,000 certificates to date (employees, partners) • Regulatory Filings • Remote Access (VPN) • Policies require two-factor authentication • Signed/Encrypted email • Certificate-based logon – to the LAN and applications • Hard disk (“media”) and file/folder encryption • Digital Signatures • QA documentation • System Build documentation • Site Monitor Trip Reports • E-Trial Master File application