NAVEX Case Studies Major Medical Device Manufacturer Automates IT Risk and Compliance Processes

Edit This Case Study Record

	Major Medical Device Manufacturer Automates IT Risk and Compliance Processes NAVEX

Major Medical Device Manufacturer Automates IT Risk and Compliance Processes

NAVEX

Technology Category	Analytics & Modeling - Real Time Analytics Application Infrastructure & Middleware - Data Exchange & Integration
Applicable Industries	Healthcare & Hospitals
Applicable Functions	Discrete Manufacturing Quality Assurance
Use Cases	Predictive Maintenance Process Control & Optimization
Services	Data Science Services System Integration
Challenge	The medical device manufacturer was struggling with a lack of insight into IT risks, siloed information, and inefficient audit preparation. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts. Reporting was manual and cumbersome, so risks were rarely visible to leadership. Audits were labor-intensive tasks that required collecting data from different departments and it took weeks of preparation before external auditors arrived. The medical device manufacturer needed a unified way to collect information, report on potential risks and streamline the audit process. Read More
About Customer	The customer is a major medical device manufacturer. They are focused on building world-class surgical devices for hospitals. However, less attention is given to IT risk, information security and audit compliance - but failures on these fronts can lead to fines, litigation and reputation loss. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts. Read More
Solution	The medical device manufacturer selected NAVEX’s GRC platform, NAVEX IRM, to address the company’s challenge with IT risk, audits and information security. Over the course of eight months, the company used NAVEX IRM to manage control activities and mapped policies to regulatory requirements from a centralized location, use automation to manage vulnerabilities, map IT risks to business risks for an enterprise-wide view, combine web application and penetration test results for the past two years, creating a historical, searchable system of record, and organize and speed up external audits using a single dashboard to display audit progress with real-time tracking and insights. The company managed to centralize all risk data and documentation and respond to audit requests in days instead of months. Read More Log in to view content
Contents

Technology Category

Analytics & Modeling - Real Time Analytics

Application Infrastructure & Middleware - Data Exchange & Integration

Applicable Industries

Healthcare & Hospitals

Applicable Functions

Discrete Manufacturing

Quality Assurance

Use Cases

Predictive Maintenance

Process Control & Optimization

Services

Data Science Services

System Integration

Challenge

The medical device manufacturer was struggling with a lack of insight into IT risks, siloed information, and inefficient audit preparation. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts. Reporting was manual and cumbersome, so risks were rarely visible to leadership. Audits were labor-intensive tasks that required collecting data from different departments and it took weeks of preparation before external auditors arrived. The medical device manufacturer needed a unified way to collect information, report on potential risks and streamline the audit process.

About Customer

The customer is a major medical device manufacturer. They are focused on building world-class surgical devices for hospitals. However, less attention is given to IT risk, information security and audit compliance - but failures on these fronts can lead to fines, litigation and reputation loss. The company’s IT security team was not equipped to manage risks and comply with audits. Essential information was difficult to track down, often stored in emails or individual spreadsheets. The company managed web application assessments, penetration tests and vulnerabilities as separate efforts.

Solution

The medical device manufacturer selected NAVEX’s GRC platform, NAVEX IRM, to address the company’s challenge with IT risk, audits and information security. Over the course of eight months, the company used NAVEX IRM to manage control activities and mapped policies to regulatory requirements from a centralized location, use automation to manage vulnerabilities, map IT risks to business risks for an enterprise-wide view, combine web application and penetration test results for the past two years, creating a historical, searchable system of record, and organize and speed up external audits using a single dashboard to display audit progress with real-time tracking and insights. The company managed to centralize all risk data and documentation and respond to audit requests in days instead of months.

Impact #1	Switching from manual processes to automation with NAVEX IRM saved time and money.
Impact #2	The company managed to centralize all risk data and documentation and respond to audit requests in days instead of months.
Impact #3	By using NAVEX IRM to become more efficient at critical tasks, IT, audit and compliance staff had more time to focus on other initiatives to lower costs and remediate risks.

Impact #1

Switching from manual processes to automation with NAVEX IRM saved time and money.

Impact #2

The company managed to centralize all risk data and documentation and respond to audit requests in days instead of months.

Impact #3

By using NAVEX IRM to become more efficient at critical tasks, IT, audit and compliance staff had more time to focus on other initiatives to lower costs and remediate risks.

Benefit #1	Automated parts of the vulnerability management process in 2 months
Benefit #2	Reduced audit preparation time by 80%: from 5 weeks to 1 week
Benefit #3	Created a dashboard to display near real-time risk posture

Benefit #1

Automated parts of the vulnerability management process in 2 months

Benefit #2

Reduced audit preparation time by 80%: from 5 weeks to 1 week

Benefit #3

Created a dashboard to display near real-time risk posture

Download PDF Version

Overview

Major Medical Device Manufacturer Automates IT Risk and Compliance Processes

Operational Impact

Quantitative Benefit