Reduce operational risk with a strong data classification foundation


Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.

Alcon Laboratories is the global leader in eye care, with a history spanning more than seven decades. The company offers a broad portfolio of products to enhance sight and improve people’s lives. Each year, more than 260 million people in 140+ countries rely on its surgical and vision care products to address conditions such as cataracts, glaucoma, retinal diseases, and refractive errors. 

Accurate and timely data classification is a major challenge for most companies in the medical device industry. Regulatory requirements such as GDPR. HIPAA, and GxP can impose significant fines for companies that can’t adequately track and protect data.

Assess once, satisfy many

Alcon’s objective was to reduce operational risk, and harmonize seven siloed business functions and related processes using integrated data classification via an engine powered by ServiceNow. The goal: assess once and satisfy many. Specifically, Alcon needed to assess confidentiality, integrity, availability, and regulatory compliance requirements as the organization migrated applications into the cloud and onboarded new applications using a single engine. The project had diverse stakeholders, including:

  • IT

  • Information Security

  • Business Continuity

  • Privacy

  • GxP

  • Ethics and Compliance

  • Procurement

Collaboration game plan

Alcon enlisted the team at Edgile to help them transform their approach to data classification with ServiceNow at the center. 

To achieve the quick wins that help build momentum and lay the groundwork for future success, the two companies collaborated on a process built on Edgile’s “5-Pass Model” that included the following elements:

  • Pass 1: Risk Register - Define risk and compliance requirements 

  • Pass 2: Applicability Matrix - Apply requirements to the operating environment 

  • Pass 3: Diagnostics - Rapidly identify capabilities and potential gaps and document findings

  • Pass 4: Deep Dive Assessment - Document actual controls to rate risks and identify policy exceptions

  • Pass 5: Control and Testing - Perform testing with evidence and sampling and document remediation plans


A specific “build philosophy” also guided the project and helped optimize the use of resources and effort.

  • Reporting first - Confirm the solution addresses management’s objectives and answers hard questions quickly

  • Rapid build with multiple walkthroughs- Reduce surprises and confirm that the solution is ready for user acceptance testing

  • Training and communication - Confirm that the needed organization change management occurs and that users will have the skills they need to ensure adoption

  • Workflow last - Automate through workflows, notifications, and other alerts to confirm the smoothest possible processes


Other best practices that contributed to the success of the project included a commitment to configuration versus customization, early previews of builds, and a solid plan for User Acceptance Testing (UAT).

Lessons learned, results achieved

The Alcon and Edgile teams found that strong communication and awareness early in the project was vital to its ultimate success and keeping multiple stakeholders and agendas aligned. Having a team member with deep familiarity in GxP validation process, forms, and protocols also proved extremely valuable. Finally, the emphasis on rapid build and review cycles helped identify needed changes early and prevented delays. 

Most importantly, a single engine now satisfies privacy, GxP, ethics and compliance, procurement, and IT and information security—ultimately resulting in a 70% reduction in reporting and analytics time. Automated ratings, consistent reporting, and clear actions and accountability through workflow tickets for follow-on activities are all now consistently tracked and managed via the Now Platform.

Tami Gieder, IT compliance service delivery manager at Alcon, has also seen the project pay off in other ways: “The most surprising benefit has been the culture shift,” she says. “We have a much more collaborative relationship with the other teams involved in projects.”

Watch the ServiceNow Knowledge 2020 session “Learn how a Global Life Sciences Company leverages Now for Data Classification” to find out the details.

Learn more about ServiceNow Governance, Risk and Compliance.

 

© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • Improving enterprise IT security
    Cybersecurity and risk
    3 ways to improve your enterprise IT security
    These three ServiceNow webinars will help prepare you to boost your enterprise IT security and, ultimately, safeguard your business.
  • In higher education, a university's reputation is tied to student experience.
    Customer Stories
    Why choice is the new currency for higher education
    The pandemic forced the higher education sector to rethink learning options for students. A university’s reputation is tied to student experience.
  • ServiceNow vaccine management solutions are reuniting families.
    Life at Now
    Vaccine management reunites mother and daughter after COVID-19
    After months, Carolyn and Linda have hope of seeing each other in person, thanks to vaccination efforts supported by ServiceNow vaccine management solutions.

Trends & Research

  • Demand for digital services is up. Government can seize the opportunity.
    Digital Transformation
    How government can meet the rising demand for digital services
  • ServiceNow Creator Workflows offer low-code development.
    Application Development
    ServiceNow named a Leader in Low-Code Development Platforms
  • Gartner names ServiceNow a leader in enterprise Agile planning tools.
    Digital Workflows
    ServiceNow named a Magic Quadrant Leader in Enterprise Agile Planning Tools

Year