Curium: Strengthening IT compliance for a secure and scalable future

Leading the way in nuclear medicine 

Curium is a global leader in nuclear medicine, specialising in the production and distribution of radiopharmaceuticals used for both diagnostic and therapeutic applications. Operating within a highly time-sensitive supply chain, Curium ensures that its nuclear isotopes—critical for patient treatments—reach hospitals within hours of production. 

As Curium continues to expand rapidly through acquisitions and new business units, maintaining regulatory compliance across multiple jurisdictions, including Europe, North America, and Asia, has become an increasing challenge. 

Following a merger in 2020, Curium needed to harmonise IT systems, policies, and compliance frameworks across its newly unified organisation. The objective was not just to integrate systems, but to build a mature, scalable, and compliant IT infrastructure, aligning with stringent pharmaceutical regulations such as GxP, FDA, and the EU’s NIS 2.0 cybersecurity directive. 

Overcoming fragmentation: The IT compliance challenge 

With the merger, Curium faced fragmented IT policies and procedures, inherited from multiple legacy companies. The lack of a unified compliance framework posed significant risks, including: 

  • Regulatory pressure: Audits from governing bodies like the FDA and European authorities required stringent compliance measures. 
  • Client trust concerns: Pharmaceutical partners conducted their own compliance checks, necessitating a strong IT governance framework. 
  • Operational inefficiencies: Outdated policies created bottlenecks in IT governance, impacting day-to-day operations. 
  • Scalability limitations: Expanding into new markets and clinical trials required IT systems that could adapt and scale efficiently. 

Additionally, in an industry where logistical delays can impact patient treatments, IT reliability, security, and governance were mission critical. 

A strategic approach to IT compliance 

To address these challenges, Curium partnered with Sopra Steria to implement a comprehensive IT compliance programme. Rather than approaching this as a one-off project, both teams embraced it as a long-term transformation initiative, one that would evolve in tandem with Curium’s rapid growth and operational complexity. 

Together, the teams began by building a robust IT compliance framework. Sopra Steria supported the design and deployment of security policies, IT governance procedures, and compliance assessments—all carefully aligned with GxP and broader cybersecurity regulations. 

To ensure cohesion across Curium’s expanding international footprint, Sopra Steria helped to standardise IT governance, introducing updated procedures for password management, data integrity, and system validation. These foundational policies brought clarity and consistency across the organisation, regardless of geography. 

"Sopra Steria’s flexibility and knowledge of pharmaceutical IT compliance have been invaluable. They are not just an external consultant—they are an extension of our team." 

Ruud Van Stigt

Group IT Risk Management and Compliance Director, Curium

As regulatory demands evolved, particularly with the introduction of the EU’s NIS 2.0 directive, existing procedures were reviewed and updated to ensure full compliance. Importantly, this alignment was flexible, allowing for localisation where necessary, such as adhering to stricter FDA standards in North America. 

To sustain momentum and promote transparency, a monthly maturity tracking process was implemented. This framework enabled Curium’s executive board to regularly monitor progress, reinforcing the importance of compliance at the highest level. 

Throughout the journey, Sopra Steria’s consultants were not simply advisors—they became an embedded part of Curium’s internal team. By participating in weekly meetings, providing real-time guidance, and flexibly adjusting strategies to meet evolving needs, they ensured the programme remained responsive, scalable, and aligned with the business's long-term vision. 

Building a future-proof compliance framework 

The partnership between Curium and Sopra Steria has delivered tangible, measurable improvements in IT compliance and operational maturity: 

  • 95% compliance maturity achieved, up from fragmented legacy systems. 
  • Regulatory risk significantly reduced, ensuring smoother FDA and EU audits. 
  • Operational efficiency enhanced, with automated compliance tracking reducing manual workload. 
  • Global scalability enabled, allowing IT policies to support expansion across Europe, North America, and Asia. 
  • Stronger client trust, as pharmaceutical partners recognise Curium’s commitment to compliance and security. 

Curium cites Sopra Steria’s deep industry expertise, adaptable approach, and seamless integration into Curium’s team as key reasons for success. Unlike a traditional external consultant, Sopra Steria became a true partner, evolving alongside Curium’s changing regulatory landscape and business needs. 

As Curium continues its global expansion, Sopra Steria remains a key strategic partner, ensuring that IT compliance, operational resilience, and innovation remain at the core of Curium’s continued success. 

"Curium needed a partner that could provide not only regulatory expertise but also adaptability to their fast-evolving landscape. Our strength lies in our ability to embed ourselves within their team, ensuring that IT compliance is both a strategic advantage and a seamless part of daily operations." 

Tamara Van den Broeck

Quality & Compliance Manager, Sopra Steria
