GxP AI Deep dive: AI Consulting Security Deep dive: Security Awareness Training Strategy About Book a call
Language
Life Science · GxP · AI

We speak both
GxP and GPT.

Validated systems. Deployed AI. Fewer audit findings.

Independent IT consulting for pharma, biotech and medtech — based in Skåne, working across the Nordics.

See our services Book a 30-min intro
21 CFR Part 11 EU Annex 11 GAMP 5 ISO 13485
Live system
audit trail · gxp-prod-01
09:47:21@anna.lindqvistBatch record BR-2389 createdPart 11
09:47:28systemE-signature capturedsigned
09:48:14@peter.svenssonIQ protocol approvedGAMP 5
09:49:02ml-model v2.1Prediction · conf. 0.973logged
09:49:47systemAccess review — 12 usersverified
09:50:33@anna.lindqvistDeviation DV-0047 raisedreview
09:51:18@qa.reviewerDV-0047 · root cause loggedclosed
09:52:02systemBackup complete · 241 GBAcronis
09:53:15@maria.bergPQ run 03 · passPQ
09:47:21@anna.lindqvistBatch record BR-2389 createdPart 11
09:47:28systemE-signature capturedsigned
09:48:14@peter.svenssonIQ protocol approvedGAMP 5
09:49:02ml-model v2.1Prediction · conf. 0.973logged
09:49:47systemAccess review — 12 usersverified
09:50:33@anna.lindqvistDeviation DV-0047 raisedreview
09:51:18@qa.reviewerDV-0047 · root cause loggedclosed
09:52:02systemBackup complete · 241 GBAcronis
09:53:15@maria.bergPQ run 03 · passPQ
Every action. Timestamped. Signed. Traceable.
What we do

The IT partner for life-science teams that can't afford to get it wrong.

MSET sits at the intersection of regulated IT and emerging technology. We validate systems. We deploy AI with the audit trail regulators expect. We run IT through inspections. We don't sell software — we design what you need and help you run it.

01 / Validation

GxP Systems

Computer system validation, qualification, eQMS rollouts, and ongoing compliance. Built on GAMP 5.

See services 02 / AI

AI in Regulated Life Science

Strategy, validation and governance for AI and ML — built to hold up under inspection.

See services 03 / Security

IT Security & Awareness

Security awareness training, phishing simulation, access control, and backup — the human and technical layers together.

See services 04 / Leadership

IT Strategy & Leadership

Interim IT Director, independent assessments, and multi-year IT roadmaps for regulated environments.

See services
01 / GxP Systems

Validated systems that pass inspection.

Every regulated IT system you run eventually meets an auditor. We design, implement, and document systems so that meeting is uneventful — with rigorous computer system validation built on GAMP 5, 21 CFR Part 11, and EU Annex 11.

Discuss a validation project →

Computer System Validation (CSV / CSA)

End-to-end validation for GxP systems — user requirements through to performance qualification, using risk-based approaches that satisfy regulators without over-engineering.

  • URS · FS · DS · IQ · OQ · PQ
  • Risk assessments (ICH Q9)
  • Traceability matrix management

21 CFR Part 11 & Annex 11

Electronic records and electronic signatures, done properly. Audit trails, access controls, and data integrity across the ALCOA+ framework.

  • E-signature implementation
  • Audit trail review procedures
  • Data integrity controls (ALCOA+)

Quality Management Systems (eQMS)

Selection, configuration, and rollout of electronic quality systems — deviations, CAPAs, change control, training, and document lifecycle in one validated platform.

  • Vendor selection & evaluation
  • Migration from paper / legacy systems
  • eQMS validation & go-live

System Lifecycle Management

Periodic review, change control, and decommissioning. Validated systems don't stay validated by themselves — they need maintenance built into operational reality.

  • Periodic review procedures
  • Change control frameworks
  • Decommissioning & data archival
02 / AI Consulting

AI that works in regulated environments.

Deploying AI in a life-science company is fundamentally different from any other industry. We understand the validation requirements, the data governance expectations, and the regulatory scrutiny that comes with it — and we help you navigate all of it.

Deep dive: AI Consulting services
Start an AI conversation →

AI Strategy & Roadmapping

Pragmatic AI strategies tailored to your regulatory context, data maturity, and organisational readiness.

  • Use-case discovery & prioritisation
  • Data & readiness assessment
  • Phased, regulator-aware roadmap

Validated AI Implementation

AI and ML systems implemented with the rigour of GxP — covering model validation, explainability, and audit readiness.

  • Model validation protocols (IQ / OQ / PQ adapted for ML)
  • Model lineage & audit trail design
  • Performance monitoring & drift detection

Regulatory & Quality AI Use Cases

From AI-assisted document review and deviation analysis to intelligent batch release — practical applications with compliance built in.

  • AI-assisted deviation analysis
  • Batch record review automation
  • Regulatory document intelligence

AI Governance & Change Management

Frameworks for responsible AI adoption — ensuring your teams, processes, and regulators are all aligned.

  • AI governance policy & committee setup
  • Change management for AI-enabled workflows
  • Continuous-learning system controls
03 / IT Security & Awareness

Your biggest security risk is human.

Over 90% of successful cyberattacks begin with a phishing email. Firewalls and antivirus software cannot protect against an employee who clicks the wrong link — but training and testing can.

MSET helps life-science and regulated organisations build a culture of security awareness — combining hands-on phishing simulations with structured Security Awareness Training that actually changes behaviour.

Deep dive: Security Awareness Training programme
Top attack vectors — regulated industries
Phishing email
91%
Credential theft
74%
Social engineering
62%
Insider threat
38%
Ransomware
27%

Regulated sectors including pharma and medtech are among the most targeted globally — high-value IP and patient data are prime targets. Sources: Verizon DBIR 2024 · IBM X-Force Threat Intelligence Index · ENISA Threat Landscape

Phishing Simulation & Testing

We run realistic, controlled phishing campaigns against your organisation — measuring who clicks, who reports, and who is most at risk. Results feed directly into targeted training.

  • Realistic phishing templates (industry-tailored)
  • Spear-phishing scenarios targeting specific roles
  • SMS / vishing (voice phishing) simulations
  • Click-through and credential-entry tracking
  • Instant teachable moment for users who click
  • Per-user and per-department reporting
  • Repeat-testing cadence to measure improvement
secur1ty-update.pharma-it-portal.com
This link was part of a controlled MSET phishing test. Your click has been logged.
✓ Simulation complete

Security Awareness Training

Your people are your perimeter. Our role-based SAT programme turns employees from the weakest link into your first line of defence — with curriculum tailored to life-science and regulated work, and evidence your auditors will actually accept.

  • Role-based e-learning (quality, IT, lab, exec)
  • GxP-specific modules — data integrity, CSV, Annex 11
  • Framework-aligned evidence (ISO 27001, NIS2)
  • Quarterly reporting & compliance trail
  • Annual refresh & attestation programme
Explore the full programme

Security Policy & Risk Assessment

Develop and maintain IT security policies that satisfy both regulatory requirements and practical operational needs — aligned with ISO 27001, NIS2, and sector-specific expectations.

  • IT security policy development
  • Risk assessment & gap analysis
  • NIS2 & ISO 27001 readiness
  • Incident response planning
  • Supplier & third-party risk review

Access Control & Identity Management

The right people in the right systems — and no-one else. Especially critical in GxP environments where access to validated systems must be documented and controlled.

  • Role-based access control (RBAC)
  • MFA implementation & management
  • Privileged access reviews
  • 21 CFR Part 11 access audit trails
  • Joiners / movers / leavers process
Acronis Official Partner

Acronis Cyber Protect

We deploy and manage Acronis Cyber Protect — an integrated solution combining backup, ransomware protection, and endpoint security. Your data stays safe even when attackers get through.

  • Automated backup — servers & workstations
  • AI-powered ransomware detection & rollback
  • Instant recovery · minimal operational downtime
  • Offsite & cloud backup (geographically redundant)
  • Backup integrity verification & audit trail
  • Aligned with GxP data-integrity requirements
04 / IT Strategy & Leadership

From where you are to where you need to be.

Many organisations know their IT needs work — but lack the internal resource or independent perspective to define what good looks like. MSET provides that outside eye: honest assessment, clear priorities, and a practical roadmap to get you there.

Book an intro call →

Interim IT Director

When you need senior IT leadership now — during a transition, a growth phase, a restructuring, or simply a gap between permanent hires — MSET steps in as your Interim IT Director. Experienced, vendor-neutral, and immediately effective.

Available part-time or full-time, embedded with your leadership team, accountable for outcomes.

  • Strategic IT leadership during transitions & gaps
  • IT budget ownership & vendor negotiations
  • Board-level reporting & stakeholder management
  • Team leadership & capability building
  • Regulatory & compliance accountability
  • Handover to permanent hire when ready

Active engagements

IT

Interim IT Director

Life Science — Nordic

Active
QT

IT Steering — Quality & Tech

Medtech Group — Sweden

Active
IT

Interim IT Director

CRO Partner — Europe

Upcoming

Typical engagement structure

Week 1–2
Discovery & assessment
Month 1
Quick wins & stabilisation
Ongoing
Strategic delivery

Independent IT Assessment

An objective, outside-in review of your entire IT landscape — infrastructure, security posture, systems, processes, and team. No vendor agenda. No internal politics. Just an honest picture of where you stand and what needs attention.

  • Current-state IT inventory & audit
  • Security & compliance gap analysis
  • System landscape review (fit-for-purpose?)
  • Vendor & contract review
  • Risk identification & prioritisation
  • Peer benchmarking against industry standards
  • Executive-ready findings report

IT Strategy & Roadmap

Translate your business goals into a concrete, prioritised IT strategy with a multi-year roadmap — covering systems, infrastructure, security, compliance, and capabilities. Built to survive contact with reality.

  • Business & IT goal alignment workshops
  • Multi-year IT investment roadmap
  • Build vs buy vs outsource analysis
  • Cloud & infrastructure strategy
  • Digital maturity assessment & targets
  • Regulatory & GxP compliance trajectory
  • Board-level presentation & business case support
About MSET

Independent expertise. Real-world results.

MSET (Mjukvara som en tjänst) is an independent consultancy based in Skåne, Sweden, operating as Kifarkis Nätsäkerhet. We combine hands-on technical experience with a pragmatic understanding of what it takes to work inside a regulated industry.

We work directly with quality, IT, and operations teams to deliver solutions that hold up under regulatory scrutiny — and serve the people using them every day.

"

Technology in life science should enable better science — faster, safer, and fully compliant. That's the standard we hold ourselves to on every engagement.

MSET Life Science IT & AI
Kifarkis Nätsäkerhet · Skåne, Sweden

GxP & Regulated Environments

Deep, practical experience with GMP, GCP, and GLP environments across pharmaceutical, biotech, and medtech organisations.

AI & Emerging Technology

Hands-on expertise deploying AI and ML tools in organisations where compliance is non-negotiable.

Independent & Vendor-Neutral

We recommend what's right for your situation — not what earns a commission. Honest advice, practical solutions.

Local Presence, Nordic Reach

Headquartered in southern Sweden, working with clients across the Nordics and wider Europe.

Who we work with

Life-science IT is our home — pharma, biotech, medtech, CRO/CMO, diagnostics, gene therapy. The same principles apply wherever compliance, audit trails, and system validation matter.

We're at our best when you're
Deploying AI under GxP Scaling without a CIO Audit prep & readiness Legacy system modernisation M&A IT integration Building a security culture NIS2 & ISO 27001 readiness Validating a new GxP system Cloud migration with compliance Phishing programme rollout

Experience

15+

Years in regulated IT & life-science consulting.

Industries

6

Pharma, biotech, medtech, CRO/CMO, diagnostics, gene therapy.

Frameworks

8+

GAMP 5 · Part 11 · Annex 11 · ISO 27001 · NIS2 · ISO 14971 · GMP · GCP.

Independence

100%

Vendor-neutral advice. We partner where it serves you.

Get in touch

Let's talk about your next project.

Whether you're planning a system validation, exploring AI possibilities, need an interim IT leader, or want an expert second opinion — we'd love to hear from you.

Location

Skåne, Sweden

Email

info@mset.se

Web

www.mset.se

We reply within one business day. Your details are used only to respond to your enquiry.

We store and handle your contact-form details only to reply to you. No tracking cookies, no analytics profiling. See our privacy policy for the full picture.