The European Organisation for Research and Treatment of Cancer (EORTC) is Europe’s leading cancer clinical research organization. EORTC conducts leading clinical research to understand why cancers develop and evaluates and compares the most effective treatment options to improve the survival and quality of life of cancer patients in more than 730 university hospitals and cancer centers in 48 countries.



  • CHALLENGE

    To assess and improve the organization’s security posture.

  • SOLUTION

    The Advantio Capability Maturity Assessment (ACMA) provided critical visibility to help the client enhance its security posture.


The EORTC operates in a highly regulated market where clinical trial data is collected in large quantities. Organizations face significant fines for failing to fulfill their data protection obligations for all sensitive and personal data protected under the EU-wide GDPR. Given the cutting-edge therapies, treatments, and drugs the EORTC is also involved in trialing and developing, and the IP flowing through its IT systems, it can be a prime target for threat actors. These could be financially motivated cyber-criminals or even nation-state operatives looking to gain an advantage.

Other cyber-risks stem from the large ecosystem of third-party partners the EORTC works with, including clinicians/doctors, hospitals, researchers, and pharmaceutical companies, among others. These collectively represent a significant supply chain risk.

“Our team, mainly working on compliance with clinical trials regulations, had the opportunity to see how the Advantio Capability Maturity Assessment tackles similar concepts in the field of cyber-security. Good Clinical Practices share many common goals and techniques with IT security best practices. The risk-based approach is certainly one of them.”

– Pascal Ruyskart
Head of the EORTC Information Technology department


Developed by Advantio, the ACMA is a framework for assessing security posture which allows organizations to make strategic risk-based decisions about where to target their investments. It focuses on internal policies, external standards, and compliance.

The ACMA’s holistic methodology focuses on IT and cybersecurity business functions, enabling organizations to:

  • Understand their security posture via a qualitative maturity assessment, combining process maturity, risk assessment, and project management
  • Reduce operational risk by putting in place effective controls for security, privacy, business continuity, governance, and compliance
  • Deliver value through a more efficient assignment of resources and budget management, improved visibility into the value delivered by risk management, and engaging the business in risk-based decisions

Advantio was engaged to perform its ACMA on the EORTC’s IT department. This was done in two separate stages, between July and August 2019. First, an onsite assessment rated the maturity of the EORTC’s processes and related adoption. Next, a black box penetration test was performed on its external web-facing applications.



Thanks to a comprehensive ACMA, Advantio was able to provide the EORTC with a full maturity assessment report and maturity score. This gave the customer a good sense of which security gaps needed filling. An implementation plan with timelines and costings provided more information on how the EORTC could go about putting these changes into practice.

In the end, the EORTC was able to gain invaluable awareness of the level of cyber risk facing the organization and its industry peers. With this visibility and a concrete action plan, it was able to take practical steps to improve its cybersecurity operations and build more rigorous defenses against commodity attacks. The organization is now in a much stronger position from a security posture perspective than it was pre-ACMA.
