CASE STUDY. IDC & Managed Hosting



Similar documents
Maximize potential with services Efficient managed reconciliation service

Security Controls What Works. Southside Virginia Community College: Security Awareness

Fly. Wealth and Retirement IT Hosting

Client Security Risk Assessment Questionnaire

Work Your Core: Benefits of SaaS Investment Accounting and Reporting

Keyfort Cloud Services (KCS)

Anypoint Platform Cloud Security and Compliance. Whitepaper

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Ensuring business continuity after Active Directory disasters

Agio Remote Monitoring and Management

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Database Design, Development and Maintenance Application Design, Development and Maintenance Application Conversions Web Development and Maintenance

Ayla Networks, Inc. SOC 3 SysTrust 2015

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Monitoring & Testing

EHLANZENI DISTRICT MUNICIPALITY NETWORK SCANNING POLICY FOR 2012

ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS

TERMS OF REFERENCE (TORs) OF CONSULTANTS - (EAG) 1. Reporting Function. The Applications Consultant reports directly to the CIO

Microsoft s Compliance Framework for Online Services

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Healthcare Technology Audit Basics. Session Objectives

3/17/2015. Healthcare Technology Audit Basics. Session Objectives. Jennifer McGill, CIA, CISA, CGEIT April 20, 2015

Frontier helps organizations develop and rollout successful information security programs

3rd Party Assurance & Information Governance outlook IIA Ireland Annual Conference Straightforward Security and Compliance

Pacom Systems. All rights reserved.

Netmagic Migrates and Consolidates Credit Information Company s Data Center

Compliance & Policies

Best Practices in Developing an IT Disaster Recovery Plan. Vijaykumar Kulkarni AGM Product Management

Domain Name Service Service Level Agreement (SLA) Vanderbilt Information Technology Services

Active Directory Auditing The Need and Result

Managed information and communications technology solutions

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Beyond disaster recovery: becoming a resilient business.

BMC s Security Strategy for ITSM in the SaaS Environment

Work With Genesis Insurance Company

APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES

Cloud Vendor Evaluation

Ratnakar Bank Chooses Netmagic s Data Center Services to Accelerate Business Transformation

CASE STUDY. Online Retailing

AVAILABILITY SERVICES MANAGED SERVICES

Domain 1 The Process of Auditing Information Systems

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

An organization properly establishes and operates its control over risks regarding the information system to fulfill the following objectives:

JOB DESCRIPTION/PERSON SPECIFICATION

How To Audit Telecommunication Services And Enterprise Security

Cloud Security Trust Cisco to Protect Your Data

VENDOR MANAGEMENT. General Overview

Managed Service Plans

At the Heart of Connected Manufacturing

CRISP Technologies Inc.

JOB DESCRIPTION CONTRACTUAL POSITION

Managed Enterprise Internet and Security Services

INFORMATION TECHNOLOGY ENGINEER V

Accelerating the Success of Healthcare Information Technology

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt. Monitoring & Audit

SaaS Adoption Lifecycle in Life-Sciences Companies

(Instructor-led; 3 Days)

Vendor Audit Questionnaire

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services

LuxCloud uses Tata Communications Managed Services to build its cloud services platform for the Asia Pacific market

Cloud Technology Platform Enables Leading HR and Payroll Services Provider To Meet Solution Objectives

Internal Audit Report on. IT Security Access. January January - English - Information Technology - Security Access - FINAL.

CHIS, Inc. Privacy General Guidelines

ISMS Implementation Guide

Weighing in on the Benefits of a SAS 70 Audit for Third Party Data Centers

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS option 3 for sales

JOB DESCRIPTION. Director of e-learning. Strathalbyn and Murray Bridge PURPOSE OF THE POSITION

SHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Information Technology General Controls And Best Practices

Use of Exchange Mail and Diary Service Code of Practice

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

FoundationIP. Your scalable, seamless, state-of-the-art solution

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

W H I T E P A P E R I m p a c t o f C y b e r s e c u r i t y A t t a c k s a n d N e w - A g e S e c u r i t y S t r a t e g i e s

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Cisco and VMware Virtualization Planning and Design Service

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

Business Continuity & Crisis Management

Library Systems Security: On Premises & Off Premises

The Next Generation of Security Leaders

Puzzled about PCI compliance? Proactive ways to navigate through the standard for compliance

CHECKLIST FOR THE CLOUD ADOPTION IN THE HEALTHCARE PROVISIONING INDUSTRY

System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012

EXCHANGE SERVER 2013 MESSAGING

The Difference Between Disaster Recovery and Business Continuance

Delphi Information 3 rd Party Security Requirements Summary. Classified: Public 5/17/2012. Page 1 of 11

Security Threat Risk Assessment: the final key piece of the PIA puzzle

Data Center Build vs. Buy

Network & Information Security Policy

Frequently Asked Questions (FAQ) Guidelines for quality compliance of. eprocurement System?

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

SCOPING QUESTIONNAIRE FOR PENETRATION TESTING

Information security due diligence

Transcription:

Netmagic Helps Pharmaceutical and CPG Company with Reliable, Robust Infrastructure and Adhere to Compliance with Audit Services Life Sciences companies have been making headway in the global scene for over 100 years. Companies in the medical devices, pharmaceuticals and consumer packaged goods face a marketing environment with fragmentation across customers, and with a limited commercial window in which to maximize sales outcomes. So it becomes critical for them to address some core challenges that they face in the market currently. Some of the challenges facing the industry are: High pricing pressure and managing a healthy profit share Reducing the time-to-market for new products Coping with impact of healthcare reforms, fragmented consumer approaches Optimizing R&D spends Enhancing the quality of products and processes specially with legal issues being so rampant Adapting to compliance requirements due to stringent regulations Capturing and growing in emerging markets Leadership in this market depends on the incumbent s set of three commercial capabilities marketing excellence, sales force excellence, and commercial operations. They would also need to put in place strong organizational capabilities to sustain performance and manage rising complexity, collaborate with stakeholders within and outside the industry, and adhere to rising regulatory and compliance norms within the healthcare and pharmaceutical industry. ABOUT The Client The client is a global medical devices, pharmaceutical and consumer packaged goods company with leading foothold in the Indian market for over 50 years. In India they employ over 2000 people and the businesses span Consumer, Medical Devices & Diagnostics, Pharmaceuticals and Vision Care. The client was challenged with managing hosting of a few servers running a business critical application their Dealer Management System that they wanted to be managed by a third party provider. They were looking to manage their dealer network of over 300 within India, through this application. While the hosting of a few servers may sound simple enough, it is the nitty-gritties involved that makes it challenging. The company being a global giant in the industry is very stringent in their norms and outsourcing policies in adherence with prevalent global compliance and regulatory requirements. In this case, the client was looking for a partner who will comply with their Business Partner Risk Assessment (BPRA) norms, manage the entire hosting and adhere to their disaster recovery (DR) policies, and abide by their global security policies.

What did the Company do to address these challenges? What solution suited the purpose? It started in 2009 when they were looking for a hosting partner to collocate their 2 servers initially. Netmagic was chosen to host these 2 servers and manage the same. Netmagic completed the Business Partner Risk Assessment (BPRA) questionnaire and successfully got selected as the preferred partner. The client s Dealer Management System with their database is hosted on these servers windows based servers. For 6 months these servers were used to test for robustness, reliability and availability of the service provider. Within 6 months of operations the client placed another order for additional 4 servers now that the client was happy with the services of the provider under various parameters that were critical to the clients need for this application robustness, reliability and availability. The application Dealer Management System is managed by the client s internal IT team. Management of the server that hosts this application, and the database management are done by Netmagic. To adhere to their Disaster Recovery (DR) policies, Netmagic also provides Peta Vault storage as backup services wherein they do online backup. The Audit The Audit firm evaluated the design of the controls, whether the controls were placed in operation and whether the controls operated effectively during the period under review. The domains in scope for the audit are as below: HR Processes Training / Education Physical Security Environment Protection Service Delivery Logical Security Computer Operations In 2012 the client conducted a Vulnerability and Penetration Testing (VAPT) in adherence to their global Incident Management security policies. Netmagic was given the responsibility of managing the security of the servers hosting the application. The client wanted to comply with each aspect of the BPRA sheet and Netmagic helped by upgrading the infrastructure to meet the security needs, and also provided 6 SSL certificates. The criticality of the application was that the servers also had financial data from their dealers. It was important that the service provider also understood the criticality of adhering to the customer s compliance and security requirements. To fulfill the customers requirement on compliance, Netmagic contracted with a Big 4 Audit firm to provide an independent auditors opinion on the effectiveness of controls (Service Organization Controls) at Netmagic based on the ISAE 3402 standard.

Why did the Company close on Netmagic Solutions to become the technology partner? Solution Snapshot Managed Server Management Managed Security Services IOne of the key reasons for choosing Netmagic to be their technology partner was the provider s ability to bring in solutions and services that would address the clients challenges under one roof. The flexibility of tweaking solutions to clients need was a key factor in clinching this partnership. Compliance Support on Service Organization Controls (SOC) Key to choosing the right partner was the adherence to the clients BPRA guidelines, which Netmagic was able to do successfully. Netmagic s ability to understand the client s criticality of the solution provider was another key factor that landed them with more services to manage. Netmagic currently hosts the application on a robust and reliable infrastructure with 99.99% availability, manages the infrastructure, provides back up services, and manages their security of the application and infrastructure based on policies set by their global IT teams. Netmagic provides a comprehensive basket of services for IT infrastructure management. For the client, this meant that as their business grew either through acquisitions or organically, their IT infrastructure could too seamlessly scale up. In IDC and managed hosting, the Netmagic offerings included collocation services; dedicated hosting; bandwidth services; managed backup and storage; managed load balancing; and firewall services. In infrastructure management, the Netmagic InfraManage solution covered administration, operations and management of IT infrastructure. One of the strongest reasons that clients chose Netmagic was the fact that Netmagic offered a depth of capability and expertise well beyond the contracted requirements. This means that when the client needs to scale up their business, they could easily do so without their IT infrastructure and its management becoming a constraint. The feather on the cap was to provide the customer with an independent opinion on the service organization controls which helped the customer adhere to their compliance and regulatory requirements. Figure 1.1 shows the solution and flow of activities that helps the customer adhere to their compliance need.

BENEFITS Derived The solutions provided by Netmagic have been in production since 2009. The client runs their Dealer Management System with critical data on reliable and robust infrastructure with 99.99% availability guaranteed to them by Netmagic. Their compliance norms for security and disaster recovery policies are being adhered to and completely managed 24x7 by Netmagic. They have been able to reduce cost and complexity with the outsourcing deal with Netmagic. The client is able to achieve 24x7 availability and monitoring of IT infrastructure to enable proactive &significantly reduced disruptions to operations. Service Auditor Report from Netmagic helps the Client receive valuable information regarding the organization's controls and the effectiveness of those controls. They receive a detailed description of the controls and an independent assessment of whether the controls were suitably designed, placed in operation and operating effectively (in the case of a Type II report). It helps the client provide the Service Auditor's Report to their auditors, which greatly assist the user auditor in planning the audit of the user organization's financial statements. The client is on a growth trajectory in India and partnership with Netmagic with their flexible solutions and robust and reliable infrastructure. For further information, log on to www.netmagicsolutions.com or mail to marketing@netmagicsolutions.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information