Tuesday 10 July 2018

Why Pharma companies need to measure the effectiveness of their IT


Many of the pharma businesses we work with don’t have an in-house CIO, and as such we often find that the Board are not fully aware of the effectiveness of their IT. This always strikes me as strange because in any business the Board will have a clear handle on their sales figures, their productivity and their overheads, and yet the effectiveness of IT, which nowadays forms such a pivotal, and sometimes costly, part of any business, is often not measured at all.

As with any business KPI, if you can’t measure it, you can’t manage it. And using technology effectively is paramount to success in today’s digital world.

So here are some questions to consider around your business’s IT:-

  • Do you know what technology you have got and what value it adds to your business?
  • How much does your IT cost and is it money well spent?
  • How has effective deployment of technology improved your efficiency/productivity in the last 12 months?
  • What new IT/technology do you plan to implement in the coming 12 months and what productivity/efficiency improvements will this yield?
  • How much does it cost your business if your IT systems are down?
  • How effectively do your backup and disaster recovery plans mitigate this risk?
  • How do your IT systems, controls and policies facilitate regulatory compliance around GDPR, MHRA, HIPAA?
  • How does your cyber security measure up against other companies? If the ICO were to investigate you today under GDPR, would they conclude that your cyber security measures were “appropriate technical and organisational measures to ensure a level of security appropriate to the risk”, or would they consider that you weren’t doing all you should, and penalise you accordingly?
  • How long would it take to fully and successfully recover your IT systems in the event of a failure or cyber-attack?
  • How often do you measure your IT team/supplier’s ability to deliver on this (by carrying out a timed disaster recovery test)?
  • How does your IT compare with that of other Pharma companies? Is it giving your firm a competitive advantage?
  • How does your IT facilitate business growth? How difficult or easy does your IT make it to add a new office? To integrate IT systems as part of M&A activity? To share data within the supply chain?
  • How does your IT attract and retain the best people – does it facilitate flexible working, is it easy to use, is it reliable?
  • Do your IT systems maximise salesforce productivity? Or do your salesforce hide behind IT problems as an excuse for not meeting target?

Hopefully these questions go some way to illustrate that, whether your business goals are around expanding, improving profitability, gaining advantage over competitors, improving productivity or making an acquisition, making the right IT choices is pivotal to success.

And that starts with being able to measure the effectiveness of your IT.

If this article has resonated with you and you would like information on ways that you can measure the effectiveness of your IT, please do not hesitate to contact me on gswanwick@epoq-it.co.uk or call me on 01494 444065.

Epoq IT work with small and medium size pharmaceuticals businesses, providing consultancy, methodologies and technologies that bring clarity and give control over IT back to the business – putting the business in the driving seat of IT spend, compliance and security. For more information on our services please visit our website http://epoq-it.co.uk/pharmaceuticals

This blog forms part of our series of informational resources for senior pharmaceutical professionals. To read more articles, please visit my blog, IT in Pharmaceuticals at http://www.itinpharmaceuticals.co.uk/  

Tuesday 12 June 2018

5 Practical Steps to Protect your Pharma Business from Cyber Crime


 
Cyber-attacks are becoming ever more frequent and ever more costly, with estimated annual losses from cyber-crime now topping $400bn (£291bn), according to the Center for Strategic and International Studies.  

And the effect of cyber-attacks on pharmaceutical businesses is wide-ranging: disruption to the business, the potential for large financial losses (the average cost of a cyber breach was $394,000 in 2017, according to NetDiligence, whose data is based on actual cyber insurance claims) and the reputational damage that a cyber-attack is likely to cause the firm.  In addition, many cyber-attacks lead to a breach of personal data which in itself has major regulatory ramifications, especially under the new GDPR legislation.  

On top of this, pharmaceuticals have the added complication of the impact an attack will have on their MHRA and HIPAA regulatory obligations.

It follows then that risk management around cyber-crime is now a major issue for all businesses. As such, it is critical that cyber security is not just treated as an IT issue, and that there is ongoing Board level involvement with establishing and maintaining an effective information risk management regime, which incorporates appropriate policies to match the firm's risk appetite. 

Many companies are turning to cyber insurance as a way of mitigating the risks around cyber-crime, but the reality is that a cyber insurer will assess your business processes around cyber security in order to understand their own level of risk and make decisions over the acceptance and pricing of your policy accordingly. So whilst taking insurance may be a prudent step, it does not mitigate the requirement to implement suitable processes, controls and technologies around cyber security management. 

There is so much more to cyber security management than technology. Yes, a suite of technological solutions will be part of the solution (and these days that needs to be a lot more than some antivirus software and a firewall), but just as important are your organisation’s processes and procedures surrounding cyber security. Some practical steps that I would recommend every pharmaceutical business implements to lessen their risk of falling victim to cyber-crime are as follows:-

1. Implement an effective security patch management policy

Software vendors are releasing a regular stream of patches to mitigate newly discovered security flaws. As I discussed in my recent blog Establishing an Effective Security Patching Regime, having a methodology to ensure every device on the network receives patches in a timely fashion is vital.
 

2. Get an INDEPENDENT assessment carried out to benchmark your cyber security defences

Because it’s very easy to be too close to a system and potentially overlook a security loophole, we frequently get called on to conduct independent ‘business IT assessments’ around cyber security to provide a straightforward, visual report to highlight any deficiencies and recommend how they should be remedied.  

3. Implement a multi-layered data backup strategy

With ransomware now extremely prevalent, effective procedures around data backup are paramount. More information can be found here.  

4. Review and test your disaster recovery procedures

I see so many disaster recovery plans that, for a plethora of reasons, don’t work when used in anger. Testing is essential to prove all your data is being backed up successfully and that your entire system can be restored in a timescale that is acceptable to the business.  I wrote a blog on this subject recently, which you can find here.   

5. Consider Cyber Essentials Certification

The Cyber Essentials scheme is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. Whilst by no means protecting against every possible threat, the cyber essentials scheme does provide a framework for good practice around cyber security.  

There’s no doubt that managing the risk around cyber-crime is not easy, and needs dedicated resources and strict procedures which are rigorously adhered to. I think that is probably why so many firms are now moving towards partnering with a specialist IT company to provide this function, someone who can monitor their system from a security perspective at all times and is not distracted by the day-to-day operations of the firm.  This is certainly the trend we’re seeing here at Epoq IT, where we are working with pharmaceutical companies to provide all of the above services on a fully managed basis. 

If this article has raised questions or concerns over your firm’s cyber security strategy or you would like more information on Epoq’s services which include managed security services, patch management solutions, virtual CIO services, cyber essentials certification, backup solutions and disaster recovery solutions, please do not hesitate to contact me on 01494 444065 or email gswanwick@epoq-it.co.uk when I will be happy to arrange a no obligation conference call to discuss ways that Epoq IT can help.  

For more information about Epoq IT’s services for pharmaceuticals, please visit our website 


Tuesday 8 May 2018

Pharmaceutical Compliance: Cyber Essentials and GDPR



Following on from my last blog, “Preparing your pharmaceutical company for GDPR: Just what is an “appropriate” level of IT security?” and with less than a month until GDPR comes into force, many of our contacts at pharmaceuticals have been asking me whether it is a requirement under GDPR for them to attain the government’s Cyber Essentials certification.

For those who are not aware, Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. Whilst by no means protecting against every possible threat, the cyber essentials scheme does provide a framework for good practice around cyber security, covering five technical controls:
  • Secure Configuration – setting up systems securely 
  • Boundary Firewalls – preventing unauthorised external access 
  • Access Control Management – restricting authorised access to the level needed 
  • Patch Management – keeping systems up to date with security fixes 
  • Malware Protection – protecting against threats like ransomware 
The Information Commissioner’s Office has published guidance on the “security principle” of the GDPR, which states that firms should process personal data securely by means of ‘appropriate technical and organisational measures’. These measures must ensure the ‘confidentiality, integrity and availability’ of your systems and services and the personal data you process within them. However, the GDPR does not give specific advice on what these measures should be, since for one thing the cyber security landscape is constantly changing, and additionally the chosen measures must be appropriate both to your firm’s circumstances and the level of risk your data processing poses.

As such, there is no legal obligation under GDPR to attain Cyber Essentials certification. However, many pharmaceuticals companies we work with are choosing to implement Cyber Essentials for a number of reasons:-
  • To demonstrate to the ICO that they have in place basic security controls as per the established framework that Cyber Essentials lays down. Indeed, the ICO have suggested in their checklist guidance document on the GDPR security principle, a copy of which can be found here, that putting in place security controls in line with Cyber Essentials or a similar framework would be a good starting point.
  • To demonstrate to clients and prospective clients that they have taken the necessary precautions to minimise cyber security risks.
  • To demonstrate MHRA and (where applicable) HIPAA compliance around data security, integrity and availability.
  • To reduce risk and therefore benefit from reduced insurance premiums.
  • To be able to bid for government contracts that involve the handling of certain sensitive and personal information. 
The ICO’s guidance notes also clearly state that technical measures over and above Cyber Essentials may be required depending on the individual organisation’s circumstances and the type of personal data that they process. Given that pharmaceuticals are at particular risk with the wealth of confidential material they are dealing with, ranging from personal data, to patient medical records to clinical trials data, I would advise pharmaceuticals that they should also be considering a range of technologies, processes and procedures over and above the baseline that Cyber Essentials certification establishes.

I hope this has given you a useful insight into the correlation between cyber essentials certification and the GDPR security principle. Should you need help with assessing your current level of security in readiness for GDPR, or you would like a ready-made Cyber Essentials compliant security solution, please do not hesitate to contact me on (01494) 444065 or email gswanwick@epoq-it.co.uk when I will be happy to arrange a no obligation conference call to discuss ways that Epoq IT can help.

For more information about our GDPR services please visit https://www.epoq-it.co.uk/gdpr/

For more information about Epoq IT’s MySecurity service, a suite of technologies and procedures able to fulfil all the 5 key controls needed for Cyber Essentials Certification, please go to https://www.epoq-it.co.uk/service-and-support/mysecurity/


Tuesday 10 April 2018

Preparing your pharmaceutical company for GDPR: Just what is an “appropriate” level of IT security?



This is a question that our Certified GDPR Practitioners are frequently getting asked, so I thought today it would be useful to explore this topic in greater detail and try to bring some clarity to the subject.

The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.

Article 32 of the GDPR states that “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.

It goes on to list some more specific measures which you may wish to consider, amongst others, which are:-

(a) the pseudonymisation and encryption of personal data; 

(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 

(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; 

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Whilst this is frustratingly vague, by the nature of data security, it is impossible for the legislation to be prescriptive, because the security threat landscape is constantly evolving, and as such, what constitutes a secure network today almost certainly will not constitute a secure network tomorrow.

So what are “the appropriate technical and organisational measures to ensure a level of security appropriate to the risk” that firms should be taking today?

Well, best practice in the IT industry would suggest that you should be thinking about the following types of technologies and business processes:-

1. Implement a suite of technologies, business processes and policies to secure your data from threats like malware, ransomware and hackers.
In days gone by a firewall and some antivirus software would largely do the job, but with the constantly evolving threat landscape this is no longer the case and an effective suite of measures will typically need to include:
  • Virus protection
  • Malware protection
  • Ransomware protection
  • Email filtering 
  • Web filtering
  • Constantly updated firewall protection
  • Encryption of data in transit
  • Encryption of data at rest
  • Mobile working policies
  • Data loss/leakage prevention technology
  • Strong passwords
  • Two factor authentication
  • The ability to remotely wipe data from any user device that is lost or stolen
  • A certified system for securely wiping old servers and PCs prior to disposal
  • Regular penetration testing
  • 24/7 monitoring against threats
2. Implement technologies and procedures to ensure software security updates are applied to all your servers, PCs and portable devices in a timely fashion 
New security threats are emerging daily and software vendors are releasing a constant stream of fixes and patches to try and mitigate the risks from these threats. Therefore it is critical that you apply these security fixes to both your servers and your PCs and laptops in a timely fashion. I wrote a detailed article on this recently, which you can find here: http://www.itinpharmaceuticals.co.uk/2018/03/gdpr-compliance-establishing-effective.html 

3. Implement suitable access control procedures to protect your data from insider threats
This should include things like access control procedures for staff and third parties, starters and leavers procedures, password policies, mobile working policies, data leakage prevention policies and many more.

4. Review your procedures around physical security of your servers and IT equipment 
Having good cyber security in place is critical, but if someone can walk into your building and access your server room or acquire a laptop containing company information then the very best cyber security systems can be rendered useless.

5. Consider how you manage secure disposal of old PC and server equipment 
Equipment that is end-of-life and being replaced will often contain confidential business data or emails, and therefore it is important that it is properly wiped, and certified accordingly, to guarantee that data cannot be restored.

6. Implement ongoing staff training to ensure your team are aware of the latest cyber security threats
It is all too easy to click on seemingly legitimate attachments or web links which may actually contain malicious code, and with new threats constantly emerging, the vigilance of your staff in being able to spot such scams will form part of your defence strategy.

7. Make sure you have an effective data backup strategy that really works
More on this topic can be found here: http://www.itinpharmaceuticals.co.uk/2017/11/preparing-your-pharma-company-for-gdpr-data-backup.html

8. Review and test your Disaster Recovery plan 
In particular, check that everything is backed up and recoverable, what (if any) the level of data loss would be in a disaster (e.g. if you had to restore back to the previous day’s backup) and that the time it would take to recover your systems and data is in line with business requirements.

9. Have a mechanism in place to regularly review and update your cyber security policies 
Given the constantly changing threat landscape, it is critical that procedures and controls around cyber security are regularly reviewed and updated.

I hope this has given you a useful insight into some of the key areas to consider around cyber security when preparing your pharmaceuticals business for GDPR. Should you need help with assessing your current level of security or with implementing policies and technologies to address any or all of the above requirements, please do not hesitate to contact me on (01494) 444065 or email gswanwick@epoq-it.co.uk when I will be happy to arrange a no obligation conference call to discuss ways that Epoq IT can help.


Tuesday 6 March 2018

GDPR Compliance – Establishing an Effective Security Patching Regime



Those of you who follow my blog will know that I have recently published a series of articles around preparing for GDPR. With the imminent arrival of the legislation on May 25th our Certified GDPR Practitioners are now heavily involved working with our clients to help them prepare, particularly with regard to all matters relating to cyber security, data backup and disaster recovery.

One question that is arising regularly is around the management of an effective security patching regime, and as such I thought it would be useful today to share some information on this important subject.

Patches, also known as software fixes or updates, are released by software vendors on a regular basis and are designed to fix bugs within the software and put in place measures to mitigate newly discovered security threats. Patches are released regularly for operating systems (like Microsoft Windows) and for most business software applications, as well as for technical software such as anti-virus and backup programmes. Application of patches in a timely and structured way is vital to ensure that the confidential and/or personal data that your business holds is protected from the latest security threats. Indeed the ICO - the UK regulatory body for GDPR - has given clear guidance on the importance of an effective patching regime in one of their recent blogs which stated:

“Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty. And, under the General Data Protection Regulation taking effect from May 25 this year, there may be some circumstances where organisations could be held liable for a breach of security that relates to measures, such as patches, that should have been taken previously.”

However, effective patching may not be as straightforward as it first sounds. Firstly for larger businesses with remote workers or staff who use their own laptop or device for work, there is the logistical issue of how to ensure updates (which are coming out constantly) get deployed to all these end-user devices.

There are also servers to be updated which requires a structured process to ensure technical expertise is made available, suitable testing is carried out and the updates are organised in such a way as to minimise disruption to the business, such as arranging business-friendly downtime slots should the servers need to be rebooted in order to apply the patches.

Timeliness is also an issue, since cyber criminals are now actively “reverse engineering” fixes from software companies like Microsoft, so that they work out what vulnerability the update addressed, and then exploit that vulnerability in organisations who have not yet installed the appropriate patch.

There’s then the issue of testing patches to ensure they are not going to cause a problem with other software you are using on your PCs or servers or cause your IT system to grind to a halt. Occasionally patches do cause problems, so having a roll-back plan that will work is vital to mitigate the risks when deploying any widespread PC update.

Finally, your cyber defences are only ever as good as your weakest link on any given day. With many cyber threats set to seek out the one device that isn’t patched, and enter your network via that device, it is vital that organisations have in place systems that give clear visibility over all devices on the network and their current patch status, and raise an alert for any device which has not been patched or where a patch has failed to deploy for any reason. It is all too easy for one computer to slip through the net if your systems for deploying updates are not highly structured – perhaps the device was turned off, the user rejected or postponed the update or there was a technical problem such as the computer running short of disk space.
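The visibility check described above can be sketched as follows. This is an added example, not part of the original article or of any Epoq IT product; the device names, patch ids, the 14-day patching window and the 7-day check-in limit are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy values (not from the article).
PATCH_WINDOW = timedelta(days=14)   # a patch must be installed within 14 days of release
SILENT_AFTER = timedelta(days=7)    # a device is "silent" if it has not reported for 7 days


@dataclass
class Device:
    name: str
    last_seen: date                               # last check-in with the patch system
    installed: set = field(default_factory=set)   # patch ids reported as installed
    failed: dict = field(default_factory=dict)    # patch id -> reason the deployment failed


def audit(devices, patches, today):
    """Return {device name: [finding, ...]} for every device needing attention.

    `patches` maps a patch id to its vendor release date.
    """
    findings = {}
    for dev in devices:
        issues = []
        silent_for = today - dev.last_seen
        if silent_for > SILENT_AFTER:
            # Switched off or off-network: its reported patch state may be stale.
            issues.append(f"silent: no check-in for {silent_for.days} days")
        for pid, released in sorted(patches.items()):
            if pid in dev.installed:
                continue
            age = today - released
            if pid in dev.failed:
                # A failed deployment is flagged at once, even inside the window.
                issues.append(f"failed: {pid} ({dev.failed[pid]})")
            elif age > PATCH_WINDOW:
                issues.append(f"overdue: {pid} missing {age.days} days after release")
        if issues:
            findings[dev.name] = issues
    return findings


def unmanaged(devices, seen_on_network):
    """Hosts observed on the network that the patch system knows nothing about."""
    return sorted(set(seen_on_network) - {d.name for d in devices})


# Constructed sample data.
TODAY = date(2018, 3, 6)
PATCHES = {"PATCH-A": date(2018, 2, 13), "PATCH-B": date(2018, 2, 27)}
DEVICES = [
    Device("srv-file01", date(2018, 3, 6), {"PATCH-A", "PATCH-B"}),
    Device("lap-sales07", date(2018, 2, 20)),
    Device("pc-lab03", date(2018, 3, 5), {"PATCH-B"}, {"PATCH-A": "low disk space"}),
    Device("pc-fin02", date(2018, 3, 6), {"PATCH-A"}, {"PATCH-B": "user postponed"}),
]
SEEN_ON_NETWORK = ["srv-file01", "lap-sales07", "pc-lab03", "pc-fin02", "pc-recept01"]

if __name__ == "__main__":
    for name, issues in audit(DEVICES, PATCHES, TODAY).items():
        for issue in issues:
            print(f"{name}: {issue}")
    for host in unmanaged(DEVICES, SEEN_ON_NETWORK):
        print(f"{host}: on the network but not in the patch inventory")
```
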

Luckily there are ways to overcome these challenges, such as Epoq IT’s MySecurity service. As a managed subscription service designed to take the strain out of day-to-day cyber security management for SMBs, patch management is just one of the features that is incorporated.

I hope this article has provided a useful insight into the importance of an effective security patch management regime, which forms one of several key elements that are needed to protect your data for GDPR. Should you need professional assistance assessing your readiness for GDPR or with the implementation of business processes and technology solutions to facilitate GDPR compliance, please do not hesitate to contact me on (01494) 444065 or email gswanwick@epoq-it.co.uk when I will be delighted to arrange a FREE 30 minute consultancy call with one of our certified GDPR practitioners.


For more information about MySecurity, please download the MySecurity datasheet


Tuesday 6 February 2018

GDPR in Pharmaceuticals - 6 Top Tips for Compliance



With the imminent arrival of the GDPR on May 25th our GDPR practitioners are now heavily involved working with our clients to help them prepare, particularly with regard to all matters relating to cyber security, data backup and disaster recovery.

I therefore thought it would be useful to re-publish an article that I wrote last year, which shares 6 key steps that we would suggest all businesses need to be taking, if they have not already done so, to prepare themselves for the new legislation:-

1. Identify what personal data is held (which can be as simple as an individual's name, email address or reference number), who has access to it and where it is stored. This could include in-house servers, cloud services, portable devices such as laptops, tablets and smartphones or removable media such as USB sticks.

2. Identify threats to this data, which could include things like cyber-crime, accidental loss by employees, deliberate theft by employees, industrial espionage, lost devices and unauthorised access to data. Whilst most businesses have some policies and technologies in place to protect them against these sorts of threats, we often find that these were implemented several years ago, and with the fast moving nature of security threats, they are no longer fully effective. In addition many companies have a piecemeal approach of different technology solutions each designed to cover a specific security threat, but no "joined up" solution to make sure nothing falls between the cracks.

3. Invest in and implement the right technology to deal with insider and external threats to data. These days such a solution needs to include:-
  • Virus protection 
  • Malware protection 
  • Ransomware protection 
  • A system for applying operating system and application security updates to servers, PCs and laptops promptly. 
  • Email filtering 
  • Constantly updated firewall protection 
  • Encryption of data in transit 
  • Data loss/leakage prevention technology 
  • The ability to remotely wipe data from any user device that is lost or stolen 
  • A certified system for securely wiping old servers and PCs prior to disposal 
  • Strong passwords or two factor authentication 
  • Regular network penetration testing 
  • 24/7 monitoring against threats 
  • Effective multi-layered data backup procedures 
  • Tested disaster recovery plans 
4. Put together a new or updated data protection policy and train employees on it.

5. Put in place processes for ongoing user education for all members of staff around cyber security and data protection.

6. And finally, for the worst case scenario, create a breach notification plan, which will typically involve the Board, IT, PR, sales, marketing and HR to ensure that any breach could be communicated smoothly, accurately and with as little damage to the business as possible.

Should you need professional assistance assessing your readiness for GDPR or with the implementation of business processes and technology solutions to facilitate GDPR compliance, please do not hesitate to contact me on (01494) 444065 or email gswanwick@epoq-it.co.uk when I will be delighted to arrange a FREE 30 minute consultancy call with one of our certified GDPR practitioners.

For more information on preparing your Pharmaceuticals business for GDPR, please visit my blog, IT in Pharmaceuticals.

For more information about Epoq IT, please visit our website.

Tuesday 19 December 2017

Preparing your Pharma company for GDPR – Disaster Recovery Considerations



In my last blog, I talked about the importance of data backup in your preparations for GDPR. Since then a number of you have been in touch with questions, many of which revolved around the wider topic of disaster recovery, so today I thought it would be worth expanding a little on disaster recovery provision, an important topic in relation to both GDPR and MHRA compliance.

GDPR places an obligation on your firm to safeguard the personal data which it holds, and my previous articles in this series have talked about ways to protect your data day-in day-out through effective risk management in relation to cyber security, access control and data backup.

However, with the best planning in the world, sometimes the unexpected does happen. We only have to look at the Wannacry ransomware attack that so devastated parts of the NHS to see the reputational damage and compliance breaches that can be caused by such an eventuality. It is therefore important from both a GDPR and MHRA regulatory perspective to have the appropriate incident response and recovery plans in place to handle such a situation.

The key issues to consider here are:


How Long Would it Take to Recover your Data from your Backup? 

(The Recovery Time Objective or RTO) 

and 

How Much Data Loss, if any, Could Your Business Tolerate? 

(The Recovery Point Objective or RPO) 


The answers to these 2 questions will be fundamental in determining both your backup strategy and your disaster recovery plan.

If you have a recovery time objective of minutes or hours (rather than days) on your critical systems, then you will certainly not have time to source alternative hardware and rebuild servers with operating systems and applications and restore data. In this instance you will need to have the ability to spin up replacement servers on pre-existing hardware, so thought needs to be given as to what and where that hardware is, and whether your backup strategy provides for a complete server backup that can be recovered in this way.

Additionally, if the disaster is such that your offices are incapacitated, or perhaps the emergency services will not allow you access to your premises, then the plan needs to consider where your staff would work from and how they would connect to the recovered IT system.

In terms of the Recovery Point Objective, this is all about data loss, and therefore an important aspect to consider under the GDPR, which obliges you to safeguard the data that you hold. If, for example, you only back up your system once a day, typically overnight, then you could lose up to a day’s work and data in a disaster situation. So you need to consider how you would recreate that day’s data and, if your email server is affected by the disaster, how you would cope with potentially having lost a day’s worth of email correspondence.

There is a huge amount to consider in your disaster recovery planning and in reality the only way that you will know with relative certainty that your disaster recovery plan would work when you need to use it for real, is by testing it regularly. I can’t stress enough how vital testing is to success, as in my experience it almost always reveals deficiencies in the plan, whether these be technical issues, operational issues or revealing that the required RTO or RPO could not be met.

Over the years, I have seen disaster recovery tests that have revealed that backups have not been running successfully, or that they have been running but are not actually restorable, along with backups where certain parts of the system/data have been omitted, and backups that take far longer to restore than expected. Then there are the operational oversights of perhaps the DR plan being stored on the network and hence being inaccessible in a disaster, or the contact details for key personnel, customers or suppliers being unavailable due to the disaster itself which can stop the necessary disaster communications plan being executed as envisaged.

There is plenty of scope for problems, and so testing is vital as it allows such deficiencies to be highlighted before the plan is needed in a live invocation, and the necessary remedial actions to be taken, so that when the plan is used “in anger” there is a much better chance of a smooth, swift recovery taking place.
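To show how a timed test turns the RTO and RPO questions into measurements, here is an added example (not from the original article or the MyRecovery service) that scores a constructed backup history and restore test. The 24-hour RPO, 4-hour RTO, system names and timings are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Backup:
    finished: datetime
    succeeded: bool         # the backup job reported success
    restore_verified: bool  # a test restore of this backup actually worked


def worst_case_data_loss(backups, now, verified_only=True):
    """Longest stretch of work that could be lost if disaster struck by `now`.

    This is the largest gap between consecutive usable backups, or between the
    last usable backup and `now`. With verified_only=True a backup only counts
    if it was proven restorable. Returns None if there is no usable backup.
    """
    usable = sorted(
        b.finished for b in backups
        if b.succeeded and (b.restore_verified or not verified_only)
    )
    if not usable:
        return None
    points = usable + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def evaluate_dr_test(backups, now, rpo, rto, restore_took, required, restored):
    """Compare what the test measured against the stated objectives."""
    loss = worst_case_data_loss(backups, now)
    return {
        "worst_case_loss": loss,
        "rpo_met": loss is not None and loss <= rpo,
        "restore_took": restore_took,
        "rto_met": restore_took <= rto,
        # Systems the business needs that the restore did not bring back.
        "systems_missing": sorted(set(required) - set(restored)),
    }


# Constructed sample: nightly backups at 01:00 from 11 to 18 December 2017.
# Every job reported success, but the backups of the 15th and 16th failed
# a test restore.
NOW = datetime(2017, 12, 18, 17, 0)
UNRESTORABLE_DAYS = {15, 16}
BACKUPS = [
    Backup(datetime(2017, 12, day, 1, 0), True, day not in UNRESTORABLE_DAYS)
    for day in range(11, 19)
]
RPO = timedelta(hours=24)                       # assumed objective
RTO = timedelta(hours=4)                        # assumed objective
RESTORE_TOOK = timedelta(hours=6, minutes=30)   # measured in the timed test
REQUIRED = {"file-server", "email", "erp"}
RESTORED = {"file-server", "erp"}

if __name__ == "__main__":
    print("by job log:", worst_case_data_loss(BACKUPS, NOW, verified_only=False))
    for key, value in evaluate_dr_test(
        BACKUPS, NOW, RPO, RTO, RESTORE_TOOK, REQUIRED, RESTORED
    ).items():
        print(f"{key}: {value}")
```

Going by the job log alone, the sample history appears to meet a 24-hour RPO; counting only backups that passed a test restore exposes a 72-hour gap.
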

Many smaller pharma companies who we work with just don’t have the time or technical resources to constantly keep on top of disaster recovery planning and testing, which is what led us to launch our MyRecovery service in 2017. This provides a fully managed backup and disaster recovery service tailored to your business’s needs, encompassing the technologies, testing and operational procedures needed to protect your business and your data. Based on a monthly subscription fee, the service is proving popular with small and medium sized pharma companies as it avoids large capital upfront costs and gives Pharma companies the peace of mind that they have a current, working disaster recovery solution in place with guaranteed recovery times.

I hope that this article has given you some useful insight into the key considerations around disaster recovery planning. If you are concerned that your current disaster recovery plan may not be effective and you would like to arrange for us to carry out an independent review or test of your current disaster recovery plan, or you would like more information about our MyRecovery service, please do not hesitate to contact me on 01494 444065 or email gswanwick@epoq-it.co.uk
