Posted on Lab Informatics. 6 July, 2020
One of the world’s leading biopharmaceutical companies, initiated an Enterprise Cyber Resiliency initiative to protect and isolate its manufacturing sites from cyber-attack and have the ability to sustain operations in light of a corporate-level attack. A key facet of the customer’s cyber resiliency approach was segmentation to establish limited, controlled sharing across operations and infrastructure.
Due to Astrix Technology Group’s (Astrix) expertise with enterprise-wide laboratory information systems, experience working with other biotech and pharmaceutical companies, and track record of eliminating risk and delivering on similar projects for other life science organizations, the customer chose Astrix to conduct an assessment of its laboratory systems across five global manufacturing sites.
The customer had cybersecurity concerns in two main areas: quality control (QC) laboratory instrumentation and their associated data acquisition systems. Specifically, the customer sought input from Astrix in the following areas:
In order to effectively accomplish the project objectives, the Astrix Team engaged with the customer on 5 critical tasks, each of which is outlined below:
Task #1: Project Initiation and Kickoff Meeting
Initially, the Astrix Team reviewed information provided by the customer offsite to become familiar with the current state of laboratory operations, as well as review the plans for laboratory system segmentation and instrument migration. This was followed by a Kickoff Meeting that served to introduce the Astrix Team and the customer’s core project team members, review and confirm the project scope, and finalize the project approach with input from the customer to establish a shared project vision and focus.
Task #2: QC Lab Applications On-site Assessment
The Astrix Team went onsite to one of the manufacturing sites to review the customer’s plans for the QC lab application hardening effort. The proposed changes included technical upgrades for the three key laboratory systems:
The Astrix Team reviewed plans for these upgrades in detail leveraging its deep domain knowledge while meeting with key stakeholders and gathering additional documentation.
Task #3: QC Lab Applications Assessment Report
Using the knowledge gained during the site visit about the customer’s QC lab application segmentation approach, the Astrix Team produced an assessment report that included:
Task #4: OCR Instrument Migration On-site Assessment
The Astrix Team performed an onsite assessment at one of the manufacturing sites in order to evaluate all factors which could accelerate the transition of instruments at each site to secure OCR infrastructure, while also reducing complications in the process. Items considered during this migration assessment included:
Task #5: Instrument Migration Assessment Report
Leveraging information gained during the OCR instrument migration assessment, the Astrix Team produced a report which included:
The Astrix team provided a detailed assessment of the strategic approach necessary to achieve cyber resiliency of the informatics platforms throughout the 5 global sites by establishing limited controlled sharing across their operations and infrastructure, thereby minimizing or eliminating risk from potential cyber-attack. The risk assessment provided recommendations surrounding hardening of the CDS, LMES and CIMS systems and the technical upgrades required to support cyber resiliency measures.
As a longer-term effort, a migration assessment was conducted in preparation for the accelerated transition of the site wide instrumentation to the new secure OCR infrastructure to achieve minimal disruption to the ongoing operations of the organization. With over 25 years of experience and expertise with enterprise-wide laboratory informatics systems, the Astrix team was able to provide an industry proven strategic approach to mitigate risk and achieve cyber resiliency across a multi-site global biopharmaceutical company.
Copyright (C) 2021