Reduce operational risk with a strong data classification foundation


Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.

Alcon Laboratories is the global leader in eye care, with a history spanning more than seven decades. The company offers a broad portfolio of products to enhance sight and improve people’s lives. Each year, more than 260 million people in 140+ countries rely on its surgical and vision care products to address conditions such as cataracts, glaucoma, retinal diseases, and refractive errors. 

Accurate and timely data classification is a major challenge for most companies in the medical device industry. Regulatory requirements such as GDPR. HIPAA, and GxP can impose significant fines for companies that can’t adequately track and protect data.

Assess once, satisfy many

Alcon’s objective was to reduce operational risk, and harmonize seven siloed business functions and related processes using integrated data classification via an engine powered by ServiceNow. The goal: assess once and satisfy many. Specifically, Alcon needed to assess confidentiality, integrity, availability, and regulatory compliance requirements as the organization migrated applications into the cloud and onboarded new applications using a single engine. The project had diverse stakeholders, including:

  • IT

  • Information Security

  • Business Continuity

  • Privacy

  • GxP

  • Ethics and Compliance

  • Procurement

Collaboration game plan

Alcon enlisted the team at Edgile to help them transform their approach to data classification with ServiceNow at the center. 

To achieve the quick wins that help build momentum and lay the groundwork for future success, the two companies collaborated on a process built on Edgile’s “5-Pass Model” that included the following elements:

  • Pass 1: Risk Register - Define risk and compliance requirements 

  • Pass 2: Applicability Matrix - Apply requirements to the operating environment 

  • Pass 3: Diagnostics - Rapidly identify capabilities and potential gaps and document findings

  • Pass 4: Deep Dive Assessment - Document actual controls to rate risks and identify policy exceptions

  • Pass 5: Control and Testing - Perform testing with evidence and sampling and document remediation plans


A specific “build philosophy” also guided the project and helped optimize the use of resources and effort.

  • Reporting first - Confirm the solution addresses management’s objectives and answers hard questions quickly

  • Rapid build with multiple walkthroughs- Reduce surprises and confirm that the solution is ready for user acceptance testing

  • Training and communication - Confirm that the needed organization change management occurs and that users will have the skills they need to ensure adoption

  • Workflow last - Automate through workflows, notifications, and other alerts to confirm the smoothest possible processes


Other best practices that contributed to the success of the project included a commitment to configuration versus customization, early previews of builds, and a solid plan for User Acceptance Testing (UAT).

Lessons learned, results achieved

The Alcon and Edgile teams found that strong communication and awareness early in the project was vital to its ultimate success and keeping multiple stakeholders and agendas aligned. Having a team member with deep familiarity in GxP validation process, forms, and protocols also proved extremely valuable. Finally, the emphasis on rapid build and review cycles helped identify needed changes early and prevented delays. 

Most importantly, a single engine now satisfies privacy, GxP, ethics and compliance, procurement, and IT and information security—ultimately resulting in a 70% reduction in reporting and analytics time. Automated ratings, consistent reporting, and clear actions and accountability through workflow tickets for follow-on activities are all now consistently tracked and managed via the Now Platform.

Tami Gieder, IT compliance service delivery manager at Alcon, has also seen the project pay off in other ways: “The most surprising benefit has been the culture shift,” she says. “We have a much more collaborative relationship with the other teams involved in projects.”

Watch the ServiceNow Knowledge 2020 session “Learn how a Global Life Sciences Company leverages Now for Data Classification” to find out the details.

Learn more about ServiceNow Governance, Risk and Compliance.

 

© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.
    Business Impact
    The citizen healthcare experience
    Let citizen experiences drive your decision making In healthcare, citizen needs, expectations, and priorities can change quickly and with little
  • Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.
    Digital Workflows
    Getting to know IT asset management
    Take IT asset management (ITAM), for example. Yes, we all know what software is. We know what a laptop or desktop computer is. But what does it take to
  • employee workflow solutions help remote employees stay safe 
    Business Impact
    New Employee Workflow Solutions Keep Workforces Safe 
    We will continue to enable a safe and efficient workplace, releasing new workflow solutions and capabilities twice a month to support organizations. 

Trends & Research

  • Business Impact
    The future of the workplace—predictions for 2020 and beyond
  • customer-service-series2.jpg
    Customer Experience
    Six trends driving customer service transformation

Year