Business Sector: Pharmaceutical
A growing biopharmaceutical company focused on novel therapeutics had 224 personal computers (PCs) deployed in the laboratory at their primary manufacturing site. The customer was interested in finding an efficient and cost-effective way to manage these assets. Due to Astrix Technology Group’s (Astrix) expertise with laboratory computing including PCs, experience working with other biotech and pharmaceutical companies, and track record of eliminating risk and delivering on similar projects for other life science organizations, the customer chose Astrix to provide laboratory computing managed services for this site.
The customer was experiencing a number of challenges in managing their PC assets that they hoped to mitigate with a managed services solution:
- The customer’s IT department was finding that maintaining and managing laboratory computing assets was an increasingly time-consuming process that was taking more and more resources away from supporting core business activities.
- There was no corporate standard established that helped manage and mitigate risk in these assets and the corporate network.
- Many of these PCs were utilizing outdated operating systems (OS) that were either no longer being supported and/or inadequate to address security concerns.
- Data backup systems on laboratory PCs were not standardized.
- Computer downtime due to service issues was often significant.
- IP protection was not adequately addressed in the laboratory PC environment.
- Access controls and validation efforts were not adequate to ensure regulatory compliance.
- Laboratory PC management activities were not adequately documented.
The Astrix Team created a Laboratory Computing Managed Service for the customer for all the PCs at their main site. The program included stand-alone PCs and PCs attached to instrument systems, but did not cover office PCs.
An SLA was developed with the customer that ensured laboratory PCs and instruments would be monitored and managed against pre-determined key performance indicators (KPIs) and metrics. During the course of the managed services, the Astrix Team proactively analyzed performance versus metrics defined in the SLA in order to make adjustments and continually improve services.
The scope of the laboratory computing managed services provided to the customer by Astrix included:
Asset Inventory. The Astrix Team inventoried all laboratory PC assets to capture details on computer hardware, operating system, software, network connection, instruments and instrument software. This inventory also collected information on data backup, physical location, ownership and validation status. Once complete, the captured information was documented in an asset management database that formed the basis for development of the mitigation plan. In addition, a plan was developed to update and keep the database current through periodic laboratory walkthroughs.
Mitigation Plan. The information captured by the inventory of assets was used to evaluate each system against platform and security requirements. A risk-based mitigation plan was formulated that prioritized each system and/or unmet requirement based on risk of data loss and risk to infrastructure integrity. Migration of PC operating systems (OS) such as Windows XP or Windows 7 to Windows 10 was a high-priority item in the mitigation plan. In cases where no migration path was available, the Astrix Team worked with the customer’s IT and business stakeholders to manage the PC for end of life isolation.
Deployment of Standard Platform. In order to minimize risk to the corporate network, the Astrix Team implemented a corporate standard on all laboratory PCs. The routes to deployment of this standard included applying patches to an existing computer, replacement of vendor provided computer with a standard corporate machine, and deployment of enterprise applications such as an antivirus solution. An evaluation of compatibility with existing scientific applications was conducted with each asset to determine which of these routes was most appropriate. Ghosting technology was utilized prior to deployment for each asset in order to minimize disruption to operations.
PC Remediation. The Astrix Team provided help desk support for the customer’s laboratory PCs that involved the following:
- Respond and resolve any “break” incidents on laboratory PCs as quickly as possible to maintain uptime
- Respond to “non-break” service requests for lab computers, peripherals and system support through a ticket system. This service included troubleshooting issues between laboratory PCs and instruments, as well as managing escalation to host instrument vendors as needed.
All help desk activities were documented and reported against service level agreement (SLA) mandates. In addition, regular service summaries were provided to the customer outlining current progress, time expended, any anticipated problems, and remaining time to completion.
PC Decommissioning. Once decontamination activities were completed by the customer, the Astrix Team managed the decommission and disposal of all laboratory PCs, including management of any data that was stored local to the PC.
Data Sweep Technology Deployment. The Astrix Team implemented data sweep technology on laboratory PCs to eliminate the need for scientists to store data on local machines. This technology helped to eliminate the risk of data loss, remove the burden of data backup and storage for scientists, and satisfy part 11 compliance requirements.
Data Security. The Astrix Team performed security risk mitigation on all laboratory PCs. This involved assessing and remediating any issues related to anti-virus software, firewall and network access.
Change Management. The Astrix Team applied a risk-based approach to change management to develop a practical approach that minimized redundant efforts and leveraged existing data, while maintaining the validated/qualified state of computers/instruments.
Through the strategic development of a Laboratory Managed Service Plan by the Astrix Team, the computing assets at the primary manufacturing site of the biopharmaceutical company are now on a comprehensive plan for the effective and on-going management and maintenance of these systems across the enterprise.
The Astrix Laboratory Managed Service Plan provided the following benefits:
- Asset inventory & control
- Life cycle management
- Data archival system
- Cybersecurity protocols
- Standardized validation strategy
- System maintenance plan
- User support plan
- End of life system isolation
- Minimization of downtime strategy
The measures that were put in place allowed for the deployment of a standardized platform across the corporate network that further served to mitigate security risks or loss of important data, ensure regulatory compliance, and reduce system downtime. Through these efforts, the customer was able to achieve their overall project goals, minimize all possible areas for risk across the enterprise, improve efficiencies within their daily operations and ultimately achieved a sustainable process for efficiently managing their informatics platforms moving forward.