Swiss Manufacturing Company
Injection Moulding & Precision Tooling
Situation
- Growing concern about handling and protecting the following types of information:
  - Intellectual Property (IP)
  - Personally Identifiable Data (PID) of Customers, Partners and Employees
  - Financial Data
- Wanted to get independent confirmation that IT infrastructure, processes and governance were current and compliant, across:
  - Structured Data (ERP, CRM, Manufacturing Systems, Datastores), as well as
  - Unstructured Data (Email, Fileshares)
- Available internal and external resources lacked the capacity and, in part, the skills required to resolve these complex demands.
Solution
We conducted a standardised Cloud, Privacy & Security Assessment (2 days) to quickly establish the biggest risks and opportunities, and define a lean and manageable scope of work. This included:
- Data Privacy
  - Determine the need to perform a complete DPIA as required in certain cases per GDPR/DSGVO – deemed not applicable in this particular case
- Data Protection
  - Review of access policies to ensure only authorised users can access sensitive information – resulted in recommendations for change specifically related to remote access by 3rd-party suppliers
- Legal & Compliance
  - Review of existing Terms & Conditions, Data Protection Declaration, etc. – resulted in revised versions for all to ensure adherence to latest laws and regulations across CH and EU
  - Legal review of all Cloud and 3rd-party Contracts related to IT and/or Data Processing – resulted in several recommendations for change, and future-proofed with a subscription to LEANmade (Cloud) Contract Maintenance
  - Process review of existing risk management controls in case of Data Breach – now up-leveled with a subscription to LEANmade Incident Response
Results
- Subscribed to LEANmade Cloud Contract Maintenance and LEANmade Incident Response for the following reasons:
  - Existing processes and compliance measures were already in good shape as a starting point (among others through ISO9001), but required several updates in combination with specialist support in order to safeguard this successful business in today’s and tomorrow’s connected environment.
- Found the LEANmade subscription model to be an excellent fit – and it is turning out to be much more cost effective than any of the other solutions considered
- As a result, a high standard of Data Privacy, Protection and Compliance has been achieved – without interruption of the actual business.