As in ancient Greek temples, choosing and assembling the right, lasting supporting pillars is of paramount importance for a reliable and durable design. Today, analogous foundations have to be built to satisfy business demands for fail-safe and persistent IT solutions. In this competency, we have identified four major pillars in which we specialize to help you strengthen your IT foundations and thereby support your business:
Each of these areas makes a non-negligible contribution to safe, successful, and efficient IT operations.
Due to their importance for your organization, we are often asked to review them, e.g. your IT architectural elements and building blocks or your information security approach, in an audit-like fashion. Within a short engagement, this gives you valuable feedback on where you stand and how you could improve your setup.
For us, IT architecture refers both to the management- or application-specific planning, design, and implementation of IT systems and to performing EAM (Enterprise Architecture Management).
Depending on the size and current general structure of your IT landscape, we analyze the various elements of these systems, including
which all contribute to their performance. This activity forms the foundation for a definition of your as-is landscape. Besides being used as input for subsequent steps like EAM, it can be used on its own to identify risks and bottlenecks.
From a higher altitude, and using the outcome of the systems’ analyses, we support, if required, your enterprise architecture management journey to achieve your to-be landscape. This focuses on the following major activities:
Achieving 100% Information Systems Security is not possible.
If you accept this statement as a starting point, we will gladly work with you to bring your organization as close to this unreachable target as the impact your business is willing to accept allows.
Over the last two decades, we have been auditing, analyzing, designing, and supporting the provisioning of information systems security solutions for our customers.
Depending on their needs or the security incident in focus, our contribution to the customer’s IT security team(s) has been delivered at various organizational levels:
All our work in the information systems security domain is strictly aligned with globally accepted best-practice standards, among them COSO, COBIT, the ISO/IEC 27000 series, and ITIL, to name just a few.
From the perspective of IT foundations, the earliest possible adoption of, and “organizational respect” for, the rules that legal and regulatory compliance implies for day-to-day operation represent one of the major driving forces on the way to operational IT maturity.
This is based on the two inherent preconditions of compliant operations: planning ahead before execution and following processes.
Independent of the particular regulated area,
as well as other possible tasks form one of the major supporting pillars for growing maturity of IT operations.
Our customers are driven by specific industry compliance requirements, like those of the pharmaceutical or medical device industry, or by more generic ones like data protection and privacy regulations. Both extend deeply into the design and execution framework of information technology processes.
Whereas the former is a long-standing practice in most organizations affected by it, review and possible restructuring do carry potential for efficiency gains due to the new risk-based approach of the Good Automated Manufacturing Practice Guide for Validation of Automated Systems in Pharmaceutical Manufacture, version 5 (GAMP 5). As the best known of the International Society for Pharmaceutical Engineering’s (ISPE) guides, it touches virtually all areas of production and how the data within and resulting from it is processed.
Looking at the latter, data protection & privacy regulations, the General Data Protection Regulation (GDPR) of the European Union (EU), finalized in 2016 and implemented for all individuals within the European Union since the end of May 2018, is the “new kid on the block”.
Directly binding within the European Union and the European Economic Area without national legislation, it presents a cornucopia of partly new data handling concepts and assigns rights to individuals to control the processing and storage of their personal data. The resulting demands must be fulfilled by IT organizations as well, and they apply to every company worldwide that does business with EU consumers.
In both of these regulatory domains, the solutions we developed together with our customers included
Ideally, for each individual who needs to interact with electronic systems, there is one and only one corresponding electronic or digital identity.
This electronic identity allows
and much more.
But, in reality, you observe
Sounds familiar? From our experience, you are not alone. Historically grown and continuously practiced maintenance of data silos is common practice, to be found in virtually every organization. Especially in the management of digital identities, which is at the core of Identity and Access Management (IAM), most attempts to deliberate on such implementations are indeed initiated but remain at the same technical level and within the respective silo.
Contrary to that approach, understanding IAM from the beginning as an objective that demands alignment at the corporate level is the only way to successfully master this topic in both domains: user acceptance and information security.
Working with our customers in this area, we have always started our engagements by separating abstract discussions from the technical implementation work required. The former is needed to avoid potential barriers that block the solution-finding process before it has even started.
This methodology allowed us to achieve, together with our clients: