Leading Pharmaceutical Provider

Information Protection Controls Enhancement

Business Challenge

A leading pharmaceutical provider’s Information Protection Management Guidelines (IPMG) were housed in a cumbersome, hard-to-use file that contained more than 8 megabytes of data. The guidelines, used by Information Security Officers (ISOs) in each of the client’s divisions, contained essential standards and controls to meet regulatory requirements and implement the client’s corporate policy for information protection. Due to the contributions of various consulting firms over time, the data was not well organized and was difficult to access at the control level. As a result, protection of key data was inconsistent and inappropriate.

The Solution

Managing control requirements for:

  • Over 100 countries
  • FDA
  • SOX
  • EU Data protection
  • Financial services
  • HIPAA
  • ISO 17799
  • CObIT

Acumen Solutions provided expertise to enhance the data and its usability.

  • Assessed current global regulations and standards to determine if control changes were needed
  • Updated controls to meet the latest corporate and governmental requirements
  • Organized the data in a more accessible form and format
  • Prepared data for eventual migration to a global knowledge tool

Acumen Solutions was successful in achieving and then exceeding the client’s goals by:

  • Revising the data structure to reflect a more organized
    grouping of control categories
  • Designing publication formats that supported fast, accurate access
    to regulatory requirements and corporate policy
  • Creating review methodologies that empowered the client’s Information
    Security Council (ISC) to construct cost and implementation models
    based on current and planned projects
  • Reviewing all pertinent regulatory requirements (ISO 17799:2005, COBIT,
    FDA 21 CFR Part 11, HIPAA, and Corporate Policy) to ensure the Guidelines meet requirements
  • Integrating the work done by previous contractors so that the client’s prior investment was fully utilized
  • Working proactively with the client’s subject matter experts to craft standards and controls with enough flexibility to accommodate a global enterprise with diverse local laws and requirements
  • Creating cross-walk matrices that enabled current implementation projects to proceed without disruption,
    while paving the way for future requirements and controls to be implemented
  • Delivering the completely updated and revised Information Protection Management Guidelines in multiple formats that supported review, implementation, and migration

 

Technology/Business Expertise

Acumen Solutions provided the client with our team’s extensive expertise and experience. 

  • Created easy-to-digest reporting formats and structure from the 30,000 informational elements involved in managing this company’s risk, so that mission-critical information is accessible to the people who need to see the data.
  • Our team’s industry, regulatory and implementation experience was leveraged to reduce the time and expense of updating existing controls and crafting new Guidelines for the organization.
  • Project management expertise coordinated the Acumen Solutions team with numerous stakeholders within the organization to ensure that comprehensive reviews, SME input and long-term planning were components of the solution, providing a 360-degree solution for the organization overall.

Return on Investment

Acumen Solutions provided specific benefits to the client including the following:

  • Information Security Officers were given data that is more readily accessible and consistent while covering over 100 different countries’ laws and regulations.
    • Government requirements can be easily identified and targeted
    • Business Units have Guidelines for both global and local requirements and law
  • Various prior projects and models were combined so that both previous and current project efforts and implementations are not negatively impacted by the new Guidelines.
  • Cost-of-implementation models help the organization budget projects to achieve compliance with new standards more realistically, saving the organization hundreds of thousands of dollars in potential mistakes or lawsuits.
