cyber security

Viewing related articles

Cyber security: A standard CMDB data model for pharmaceutical manufacturing shop floor systems

Pharmaceutical manufacturers are developing and using Configuration Management Databases (CMDB) to maintain inventories of the IT and automation assets used by the manufacturing and laboratory systems at their production facilities. A CMDB can provide access to accurate data, including available assets, where they are, how they are configured, and the relationships that exist between them; all of which are vital functions for lifecycle management, change management, incident management and patching.

The information model typically used by the standard CMDB installation is based on the idea that all systems used by the enterprise are software based and described by a class of objects called an application. This does not always align to the needs within an operations technology (OT) environment. Therefore, the BioPhorum Cyber Security members, using their extensive combined knowledge, have collaborated to design a common information model describing a manufacturing system detailed in a shop floor/OT CMDB. The proposed model is intended to be a free, reusable, standard structure which can be adapted for specific company needs, providing a good starting point for configuration data modelers working in the OT space.

read more

Cyber Security Configuration management database use cases

In pharmaceutical manufacturing plants, it is sometimes the case that there is no single place to view an inventory of manufacturing assets. Conversely there may be many data sources with manual processes required to compile a single view. This is a problem for the entire enterprise, not just manufacturing; it is a constant and ongoing balance of enterprise (IT) vs manufacturing (OT) tools, policies and proceedures.

Managing this asset information can become a significant manual effort. Without trustworthy data, there is an unclear view of the cybersecurity risk that assets contribute to the manufacturing plant and enterprise. The absence of good information makes planning of patching and lifecycle management exceedingly difficult.

This compels manufacturers to develop Configuration Management Databases (CMDB’s) to maintain inventories of the assets used at their production facilities. Here the BioPhorum Cyber Security members have been investigating the underlying use cases that drive the design, needs and benefits of each member’s CMDB application/s. Through a compare and share process, they have asked the questions “What are our peers doing?”. This paper starts to draw parallels and highlight differences. It gives an insight into the complex and diverse ways of setting up, maintaining, and managing a manufacturing shop floor CMDB.

read more

Cyber security: Boutique vulnerabilities

With each new challenge, organizations are working to improve their response and reduce the time and effort required. Companies are all investing in routine patching where possible, reducing this activity in urgent situations, as well as investing in other mitigation options such as isolation where appropriate – more options means reduced impact. This paper provides a summary of what the members of the BioPhorum IT Cyber Security Workstream are doing.

read more

Cyber security: Information technology vs operations technology – a BioPhorum article

This paper characterizes this framework, and the associated mixed environments, to illustrate the drivers and success metrics for the key functions of business management of information systems, and that of plant-floor instrumentation and controls engineering. For people working in this arena, this paper will help develop an understanding of this landscape and foster a cooperative approach to implementing network resilience and cybersecurity solutions that allow more robust and secure delivery of essential drug products to the market.

read more

Cyber security: Digital plant resilience assessment tool

As the maturity of digital manufacturing plants increases, so does the risk of a cybersecurity or other digital incident. A successful phishing attack, for example, could adversely impact manufacturing operations and potentially take a facility offline for hours, days or even longer.  A company’s ability to minimize the risk of a digital disaster in its manufacturing plants, and quickly restore operations if one occurs, is a vital area for investment to ensure delivery of drug products to patients. To do this, biopharmaceutical manufacturers must understand the cyber resilience at their differing plants and how each site fits into the context of their overall business.

read more

Learn along with the cyber security team how to defend your bio-operations

While there have been advances in the cyber security protection of IT systems, the defense of OT systems is typically not as effective, or as easy to implement and enforce, which leaves the back door open to cyber-attack in many facilities. Biomanufacturing plants are just like the rest of the world, experiencing a bewildering speed of technology change and integration.  Today the difference between enterprise technology (IT) and plant floor...

read more

Data integrity (DI) for IT in the biopharmaceutical industry

Data integrity (DI) is an essential element in ensuring the reliability of data and information obtained and managed in biomanufacturing.  The number of observations made regarding the integrity of data during inspections of good manufacturing practice (GMP) has been increasing, clearly signalling a need for companies to better understand the requirements and ensure confidence in their compliance. In 2016, the BPIT compliance SMEs collaborated to co-author an industry response to the IT data integrity guidelines provided by regulators to support companies in understanding the requirements and in ensuring clarity in their approach to compliance. Furthermore, the guidance in the response paper and the companion template, “Universal Data Integrity System Assessment Template in the Biopharmaceutical Industry”, supports companies by providing a shared view of which controls to implement within a company and offers best practices to manage risks. This results in a common response to regulators and achieves increased confidence in a company’s approach to compliance. The guidance outlines the controls required generally and those required specifically for three categories of IT systems in biomanufacturing – enterprise applications, local systems and equipment.

read more

Data integrity (DI): Universal data integrity system assessment template in the biopharmaceutical industry

The subject matter experts of the BioPhorum IT Compliance Team developed this template in response to the need to ensure compliance with the regulatory guidance for data integrity demanded in the industry. The template was developed to assess the health of computerized systems and their electronic records from a data integrity perspective. Furthermore, it can be used to evaluate potential risks to a computerized system and its electronic records throughout the system’s lifecycle. An assessment may be conducted during requirements gathering as a part of the initial validation, during assessment of system changes, during periodic reviews and/or at the time of decommissioning. The assessment template should be fully developed in conjunction with a standard operating procedure (SOP) to manage consistent implementation and use. Since this is an example template it is not an exhaustive list of questions and should be augmented to meet each company’s specific needs. The template accompanies the “Data Integrity for IT in the Biopharmaceutical Industry” paper, which was developed in parallel to provide an industry response to regulatory guidelines highlighting risks, controls and best practices.

read more

Biomanufacturing technology roadmap: 4. Automated facility

This chapter of the first edition biomanufacturing technology roadmap published in 2017, describes the vision, scope and benefits that could be gained in the biopharmaceutical manufacturing industry from the development and implementation of effective automated facilities. To help the industry achieve this future state it describes the scenarios considered, the future needs, challenges and potential solutions as well as the linkages and dependencies on other parts of the roadmap. It considers the contribution that disruptive and emerging technologies can play and regulatory considerations before finalizing with conclusions and recommendations.

read more

Digital plant maturity model (DPMM) v1: The development of a digital plant maturity model to aid transformation in biopharmaceutical manufacturing

Biopharmaceutical industry challenges and opportunities provided the impetus for a team of subject-matter experts to develop a biomanufacturing digital vision and a digital plant maturity model (DPMM). The white paper describes the stages of maturity from simple paper-based plants through to the fully automated and integrated ‘adaptive plant’ of the future. The business and enabling capability dimensions in the maturity model are also explained. Moreover, the paper describes the benefits of applying the DPMM such as enabling an organization to evaluate the state of its technology at all manufacturing sites, those within a network or at specific ‘sister’ sites. This evaluation can provide either a global roadmap spanning all manufacturing sites (e.g. a common gap for all IT) or a roadmap for specific sites.

read more