EMA – European Medicines Agency
Information systems for the European Medicines Regulation AgencyDesign and development of parts of the agency's information systems. We worked on modules handling medicine evaluation files, clinical trial monitoring and the secure management of sensitive medical data at a pan-European level — where every error has a real cost to public health.
Contribution to the development of information systems that support the evaluation, approval and monitoring procedures of medicines at a pan-European level.
Highlights
Pan-European medicines regulation
Evaluation and approval procedures
Complex information systems
Critical health infrastructure
Technologies & capabilities of the project
- Java + Spring enterprise stack for validated GxP environments
- PostgreSQL / Oracle for secure storage of clinical data
- Secure clinical dossier management with end-to-end encryption
- GDPR-compliant data handling with data residency within the EU
- Pharmacovigilance reporting (EudraVigilance) with adverse event tracking
- HL7 / FHIR integration for interoperability with healthcare information systems
- Multi-tenant SaaS architecture for national medicines authorities
- Validated environments per GxP (GAMP 5) regulatory standards
- Comprehensive audit trails with tamper-evident timestamps (RFC 3161)
- Role-based access control (RBAC) with fine-grained per-organization permissions
- Document workflows with qualified electronic signatures (eIDAS)
- eCTD (electronic Common Technical Document) integration for clinical trials
- Encryption + key management via Hardware Security Modules (HSM)
- Kubernetes / OpenShift for containerized validated workloads
- Jenkins CI/CD with validated pipelines (Computer System Validation)
- Terraform + Ansible for reproducible regulated infrastructure
- ELK Stack for centralized audit-grade logging
- Prometheus + Grafana for 24/7 observability
- 21 CFR Part 11 compliance for electronic records & signatures
- Annual penetration testing + EMA regulatory compliance audits
- Disaster recovery with RTO < 4h and geo-redundant data replication
- Cross-datacenter active-active high availability