A recent objective audit of security processes at Iperion IS identified that information security is of paramount importance to the GxP compliant IT Infrastructure and its related services.
The outcome showed: “Overall security posture of the management platform can be considered to offer very high levels of confidentiality, integrity and availability assurance”. This demonstrate the high commitment of Iperion to protect its own data, but also its customer information assets and customer patient safety.
The audit was set up as a joint effort with one of Iperion’s customers, with the main objective to verify the security of their data. In scope was the full IT Infrastructure including all the services. The audit, which took 3 days, consisted of a gap analysis on eight different controls such as architecture review, back-up and restore, change management, data handling, firewalls, incident management, logging and alerting and passwords. Also, reviews for removable media and the HR process have been performed. The results showed the “excellent controls already deployed” and the professional approach of Iperion with regards to the life sciences market and rules and regulations. Also, physical testing is executed to verify the data isolation between customers.
Other results drawn from the report: “The Iperion virtual management platform and related out of band management networks have a number of excellent security measures in place; these range from a detailed and in-depth change management process to an extensive set of standard operating procedures (SOPs) and work instructions (WIs).”
“Customer environments are all managed utilizing out of band managed networks and the controls around this architecture can be viewed as very good”.
No findings are identified during the audit, only recommendations.
“We are really satisfied with the results of this audit. The result shows all the efforts Iperion has taken the last years to ensure maximal security within Iperion IS”, according to Ingeborg Baars, Security Manager. “Obtaining ISO27001:2013 improved our organization a lot. This audit shows in an objective manner we have succeeded in implementing the necessary and additional security measures to ensure our customers do not have to worry about their data hosted at Iperion”.
Iperion is planning on executing security audits – internal and external- for the upcoming period to maintain optimal security.