Reduce operational risk with a strong data classification foundation


Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.

Alcon Laboratories is the global leader in eye care, with a history spanning more than seven decades. The company offers a broad portfolio of products to enhance sight and improve people’s lives. Each year, more than 260 million people in 140+ countries rely on its surgical and vision care products to address conditions such as cataracts, glaucoma, retinal diseases, and refractive errors. 

Accurate and timely data classification is a major challenge for most companies in the medical device industry. Regulatory requirements such as GDPR. HIPAA, and GxP can impose significant fines for companies that can’t adequately track and protect data.

Assess once, satisfy many

Alcon’s objective was to reduce operational risk, and harmonize seven siloed business functions and related processes using integrated data classification via an engine powered by ServiceNow. The goal: assess once and satisfy many. Specifically, Alcon needed to assess confidentiality, integrity, availability, and regulatory compliance requirements as the organization migrated applications into the cloud and onboarded new applications using a single engine. The project had diverse stakeholders, including:

  • IT

  • Information Security

  • Business Continuity

  • Privacy

  • GxP

  • Ethics and Compliance

  • Procurement

Collaboration game plan

Alcon enlisted the team at Edgile to help them transform their approach to data classification with ServiceNow at the center. 

To achieve the quick wins that help build momentum and lay the groundwork for future success, the two companies collaborated on a process built on Edgile’s “5-Pass Model” that included the following elements:

  • Pass 1: Risk Register - Define risk and compliance requirements 

  • Pass 2: Applicability Matrix - Apply requirements to the operating environment 

  • Pass 3: Diagnostics - Rapidly identify capabilities and potential gaps and document findings

  • Pass 4: Deep Dive Assessment - Document actual controls to rate risks and identify policy exceptions

  • Pass 5: Control and Testing - Perform testing with evidence and sampling and document remediation plans


A specific “build philosophy” also guided the project and helped optimize the use of resources and effort.

  • Reporting first - Confirm the solution addresses management’s objectives and answers hard questions quickly

  • Rapid build with multiple walkthroughs- Reduce surprises and confirm that the solution is ready for user acceptance testing

  • Training and communication - Confirm that the needed organization change management occurs and that users will have the skills they need to ensure adoption

  • Workflow last - Automate through workflows, notifications, and other alerts to confirm the smoothest possible processes


Other best practices that contributed to the success of the project included a commitment to configuration versus customization, early previews of builds, and a solid plan for User Acceptance Testing (UAT).

Lessons learned, results achieved

The Alcon and Edgile teams found that strong communication and awareness early in the project was vital to its ultimate success and keeping multiple stakeholders and agendas aligned. Having a team member with deep familiarity in GxP validation process, forms, and protocols also proved extremely valuable. Finally, the emphasis on rapid build and review cycles helped identify needed changes early and prevented delays. 

Most importantly, a single engine now satisfies privacy, GxP, ethics and compliance, procurement, and IT and information security—ultimately resulting in a 70% reduction in reporting and analytics time. Automated ratings, consistent reporting, and clear actions and accountability through workflow tickets for follow-on activities are all now consistently tracked and managed via the Now Platform.

Tami Gieder, IT compliance service delivery manager at Alcon, has also seen the project pay off in other ways: “The most surprising benefit has been the culture shift,” she says. “We have a much more collaborative relationship with the other teams involved in projects.”

Watch the ServiceNow Knowledge 2020 session “Learn how a Global Life Sciences Company leverages Now for Data Classification” to find out the details.

Learn more about ServiceNow Governance, Risk and Compliance.

 

© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • Our journey to net zero by 2030
    Cybersecurity and risk
    ServiceNow commits to net-zero greenhouse gas emissions by 2030
    ServiceNow has committed to achieve net-zero greenhouse gas (GHG) emissions by 2030—two decades earlier than anticipated—across our entire value chain.
  • Zero-trust architecture: A military woman types on a keyboard while looking at three monitors.
    Government
    5 ways federal agencies can augment a zero-trust architecture
    Federal government agencies have been mandated to advance toward a zero-trust architecture. Learn five ways they can augment one using the Now Platform.
  • Now at Work: Helping companies embrace digital transformation
    Events
    Now at Work: Helping companies embrace digital transformation
    The Now at Work 2021 Digital Experience provided a forum for companies to demonstrate how they’re using the Now Platform to bring about digital transformation.

Trends & Research

  • ServiceNow is a Leader in the Forrester Wave: Digital Process Automation, Q4 2021.
    AI and Automation
    ServiceNow recognized as a Leader in Digital Process Automation
  • ServiceNow is a Leader in the Forrester Wave: Enterprise Service Management, Q4 2021.
    Employee Experience
    ServiceNow named a Leader in Enterprise Service Management
  • Supporting hybrid work: A woman looks at a phone while writing in a notebook.
    Employee Experience
    ServiceNow a Strategic Leader in the 2021 Fosway 9-Grid™ for Cloud HR

Year