Lemba Therapeutics builds trust in biotech with Vanta and BD Emerson

THE COMPANY

A high-growth biotech startup advancing science to save lives

Lemba Therapeutics is a biotech startup developing new medicines that work by targeting long noncoding RNA (lncRNA).

As a small, fast-growing company in a highly regulated industry, Lemba needed a way to translate biotech-specific security and compliance expectations into actionable steps. 

‍

THE CHALLENGE

The race for GDPR compliance

As a startup, Lemba faced the daunting task of achieving GDPR compliance. As Zachary Singer, CEO of Lemba, notes, “Becoming GDPR compliant is a big lift. It’s something that you typically associate with very large companies and large budgets.” 

Although pivotal partnerships and key clients depended on meeting compliance milestones, Lemba’s lean technical team didn’t have the bandwidth to spend months on manual compliance tasks, like maintaining spreadsheets and tracking audit requirements. To meet their go-to-market demands and ship critical product updates, Lemba needed a compliance solution that could demonstrate their GDPR readiness without slowing down their small team.  

When reviewing options, Lemba sought something that could seamlessly integrate into their existing tools and systems, while serving their globally distributed team. This led them to a clear set of essential criteria:

• A strategic partner that was dynamic and flexible, offering advisory services and hands-on implementation to guide execution. 
• A cost-effective way to avoid a multi-year consultant engagement. 
• A comprehensive solution that offered GDPR readiness, and could be a single system of record for compliance, security, and privacy. 
• A turnkey solution with minimal ramp-up, especially for non-technical team members. 
• Integrations and automated evidence collection to reduce the lift for engineering and technical teams. 

For Alan Rotenberg, Lemba’s CTO, these requirements boiled down to a single need: a true partnership, not just a “cookie-cutter solution” or service.  

‍

THE SOLUTION

A winning partnership for automated compliance 

Research led Alan to BD Emerson and, early on in their conversations, BD Emerson recommended partnering up with Vanta too: “BD Emerson was the only company that pointed out that we needed a tool to manage compliance,” says Alan. And with BD Emerson leading Vanta’s implementation, the platform was live on the first day of engagement, not weeks or months later—something other companies couldn’t promise. 

As Lemba worked through GDPR compliance, BD Emerson handled the technical guidance and legal documentation, translating complex standards into actionable steps. Throughout the process, Vanta’s GRC platform played a critical role in reducing Lemba’s manual effort. 

With continuous monitoring, integrations, automated evidence collection, and policy management tools, Vanta serves as a central hub for compliance, security, and privacy. “We’ve built a lot of processes to meet critical controls , like laboratory processes—how blood samples are received and tested—and build out the documentation hubs,” says Drew. “We’ve also added custom evidence to create a single source of truth.” Alan adds, “The fact that all the integrations are in place and it’s automated means I don’t have to put somebody in charge of chasing employees to sign security documents.”

Communication and operations are also centralized across technical and non-technical teams. Drew notes that with Vanta, BD Emerson can show how they’ve operationalized specific controls, helping to ensure Lemba’s team of PhD scientists that they could remain focused on their mission-critical work. 

"BD Emerson is a key strategic partner for us. They’re our go-to for security and compliance."

Alan Rotenberg, Chief Technology Officer, Lemba Therapeutics

‍

THE IMPACT

From compliance to growth and scalable security 

With Vanta and BD Emerson, Lemba achieved GDPR compliance in just 90 days, a process that Alan says would have taken at least six months with other solutions and partners. This accelerated timeline also had a direct impact on their business, enabling them to secure a partnership with a research firm and a major pharmaceutical deal. 

The efficiency that Vanta and BD Emerson provide for Lemba’s four-person technical team has also been vital. The team can now launch and manage compliance without needing to hire a dedicated compliance head, additional staff, or work with costly consultants. And because Vanta is the single source of truth for IT security and compliance, Lemba’s globally distributed team remains aligned, saving time and increasing productivity. 

Additionally, the partnership between all three companies means Lemba can easily sustain compliance between audits. Continuous monitoring streamlines preparation for certification renewals, which now take a day or two instead of months. 

As Lemba grows, they’re confident that BD Emerson and Vanta will continue to support them. “As we establish new processes, we know we can depend on BD Emerson and Vanta,” says Alan. “Everything will be integrated, and I don’t have to go and hire new people to get things done.”

"Vanta has helped Lemba mature. It's not just staying compliant. It's staying secure."

Drew Danner, Managing Director, BD Emerson

‍