Life Science Industry

Situation

A large biotech faced possible FDA, SEC and HIPAA penalties if it could not demonstrate security and privacy compliance.

  • Auditors demanded enhanced compliance around Information Security and Privacy
  • The FDA, SEC and HIPAA had just completed audits and identified potential issues

Approach
  • L8S started with a gap assessment
  • Crafted a program around the gaps
  • Prioritized activities:
    • Information Security Program
    • Security Remediation Implementation
    • Phishing simulation and Cybersecurity Awareness

Conclusion

Layer 8 Security applied an Information Security Program Manager

  • Conducted an information security risk assessment and established the client’s risk appetite
  • Defined Program capabilities and roles/responsibilities
  • Vulnerability assessment regimen
  • Ongoing cyber awareness training and simulations
  • Continuous improvement of Program via semi-annual reviews with client management
  • Saved client from penalties
  • Implemented Enterprise Information Security and Privacy Program
  • Auditors very satisfied with “best in class” information security and privacy program

Key Success Factors
  • Worked closely with client’s executive management to develop and manage an Enterprise Information Security and Privacy Program
  • Used Layer 8 Security Risk Assessment, HIPAA Gap Assessment and Integrated Security Monitoring Tools for integrated program implementation
  • Applied the Layer 8 Security Lifecycle methodology to address controls in order of priority


