Reduce operational risk with a strong data classification foundation


Belonging groups reimagine the candidate experience at ServiceNow. People with Disabilities at Now is focused on our foundation by building more awareness and getting more engagement.

Alcon Laboratories is the global leader in eye care, with a history spanning more than seven decades. The company offers a broad portfolio of products to enhance sight and improve people’s lives. Each year, more than 260 million people in 140+ countries rely on its surgical and vision care products to address conditions such as cataracts, glaucoma, retinal diseases, and refractive errors. 

Accurate and timely data classification is a major challenge for most companies in the medical device industry. Regulatory requirements such as GDPR. HIPAA, and GxP can impose significant fines for companies that can’t adequately track and protect data.

Assess once, satisfy many

Alcon’s objective was to reduce operational risk, and harmonize seven siloed business functions and related processes using integrated data classification via an engine powered by ServiceNow. The goal: assess once and satisfy many. Specifically, Alcon needed to assess confidentiality, integrity, availability, and regulatory compliance requirements as the organization migrated applications into the cloud and onboarded new applications using a single engine. The project had diverse stakeholders, including:

  • IT

  • Information Security

  • Business Continuity

  • Privacy

  • GxP

  • Ethics and Compliance

  • Procurement

Collaboration game plan

Alcon enlisted the team at Edgile to help them transform their approach to data classification with ServiceNow at the center. 

To achieve the quick wins that help build momentum and lay the groundwork for future success, the two companies collaborated on a process built on Edgile’s “5-Pass Model” that included the following elements:

  • Pass 1: Risk Register - Define risk and compliance requirements 

  • Pass 2: Applicability Matrix - Apply requirements to the operating environment 

  • Pass 3: Diagnostics - Rapidly identify capabilities and potential gaps and document findings

  • Pass 4: Deep Dive Assessment - Document actual controls to rate risks and identify policy exceptions

  • Pass 5: Control and Testing - Perform testing with evidence and sampling and document remediation plans


A specific “build philosophy” also guided the project and helped optimize the use of resources and effort.

  • Reporting first - Confirm the solution addresses management’s objectives and answers hard questions quickly

  • Rapid build with multiple walkthroughs- Reduce surprises and confirm that the solution is ready for user acceptance testing

  • Training and communication - Confirm that the needed organization change management occurs and that users will have the skills they need to ensure adoption

  • Workflow last - Automate through workflows, notifications, and other alerts to confirm the smoothest possible processes


Other best practices that contributed to the success of the project included a commitment to configuration versus customization, early previews of builds, and a solid plan for User Acceptance Testing (UAT).

Lessons learned, results achieved

The Alcon and Edgile teams found that strong communication and awareness early in the project was vital to its ultimate success and keeping multiple stakeholders and agendas aligned. Having a team member with deep familiarity in GxP validation process, forms, and protocols also proved extremely valuable. Finally, the emphasis on rapid build and review cycles helped identify needed changes early and prevented delays. 

Most importantly, a single engine now satisfies privacy, GxP, ethics and compliance, procurement, and IT and information security—ultimately resulting in a 70% reduction in reporting and analytics time. Automated ratings, consistent reporting, and clear actions and accountability through workflow tickets for follow-on activities are all now consistently tracked and managed via the Now Platform.

Tami Gieder, IT compliance service delivery manager at Alcon, has also seen the project pay off in other ways: “The most surprising benefit has been the culture shift,” she says. “We have a much more collaborative relationship with the other teams involved in projects.”

Watch the ServiceNow Knowledge 2020 session “Learn how a Global Life Sciences Company leverages Now for Data Classification” to find out the details.

Learn more about ServiceNow Governance, Risk and Compliance.

 

© 2020 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

Topics

  • ServiceNow named a Leader in the 2021 Gartner Magic Quadrant for Enterprise Low-Code Application Platforms
    Application Development
    ServiceNow recognized a Leader in 2021 Gartner® Magic Quadrant™ for Low-Code Application Platforms
    For the second straight year, ServiceNow has been named a Leader in the Gartner Magic Quadrant for Enterprise Low-Code Application Platforms.
  • 3 ServiceNow employees who stepped up to help fellow employees in need when COVID-19 hit India: Jeba S., Swaroop T., and Arun S.
    Culture
    Employees helping employees amid India’s COVID-19 waves
    When India’s two waves of COVID-19 capsized colleagues' lives, a group of ServiceNow employees in India rushed to their aid to do “the right thing.”
  • Order management: A man with headphones sits at a computer in an office.
    Telecommunications
    Streamlining order management in telecommunications
    Deutsche Telekom aims to be the best B2B telecom company in the world. For that to happen, order management must be at heart of its business operations.

Trends & Research

  • ServiceNow named a Leader in the 2021 Gartner Magic Quadrant for Enterprise Low-Code Application Platforms
    Application Development
    ServiceNow recognized a Leader in 2021 Gartner® Magic Quadrant™ for Low-Code Application Platforms
  • Gartner Magic Quadrant for IT Risk Management
    Cybersecurity and risk
    ServiceNow: A Leader in Gartner® Magic Quadrant™ for IT Risk Management for Second Year
  • Gartner Magic Quadrant IT service management tool tile.
    IT Management
    ServiceNow is a Leader in the 2021 Gartner® Magic Quadrant™ for ITSM—8 years in a row

Year