Novo Nordisk faces numerous attack attempts on its IT systems daily. The threats and attack methods vary in magnitude, severity and frequency, and could have severe reputational and financial impacts on Novo Nordisk’s business.
Novo Nordisk is responding to this challenge by launching a new IT Security Instruction to replace the current MSR (Minimum Security Requirements) and IT Security Procedure. The instruction mandates a new IT Security Risk Assessment and Security Plan to be executed when new IT systems are implemented or existing IT systems are modified.
NNIT can help Novo Nordisk to perform the IT Security Risk Assessments, and then to plan and implement security controls to mitigate the identified risks.
We follow Novo Nordisk’s approach for managing IT security. By executing the following activities we help you to understand your risks and how to mitigate them:
Risk Assessment: Identifying IT security risks related to the IT system, and assess their impact on business processes and the likelihood of occurence.
IT Security Controls: Determining which IT security controls should be implemented based on the results of the risk assessment.
Implement and Maintain: Implementing the IT security controls, and then reviewing and following up on IT security risks and IT security controls on a regular basis.
We have many years of experience in assisting Novo Nordisk and other pharmaceutical organizations with IT security activities, including the following examples:
Information Security Assessments: Assessing the information security maturity of organizations, covering people, processes and technology aspects, and providing a roadmap to close gaps.
Business Impact Assessments (BIAs): Assessing the confidentiality, integrity and availability aspects of information contained in new or updated systems to determine the overall risk and as a basis for implementation of security controls.
Regulatory Assessments: Information security assessments to identify regulatory compliance issues regarding data confidentiality, integrity and availability. Regulations include FDA Part 11 and EU General Data Protection Regulation.
Please contact us at firstname.lastname@example.org for further information.