Case Studies


Biotech Company Enlists ICE Consulting’s Assistance in ISO 27001 Compliance

Industry: Biotech & Life Sciences
Company size: 1,000+ Employees ($4 Billion Market Cap)
Location: South San Francisco, California


Challenge:

A $100-million-a-year biotech company was seeking compliance with the ISO 27001:2013 standard published by the International Organization for Standardization (ISO), headquartered in Switzerland. ISO 27001 is the framework for an organization's information security management system (ISMS): it assesses the threats and vulnerabilities the ISMS must address, including the processes and policies that govern how the company uses and controls data. ISO 27001 is considered one of the toughest compliance certifications to obtain and maintain.

Solution:

This synthetic biology company hired ICE Consulting in 2018 to help with the IT-related portions of both the preparation and evidence-gathering phase and the audit phase of the ISO certification process. ICE provided the necessary documents for:

  • Capacity planning and incident response planning
  • Diagrams such as network time standards and physical network layout
  • General policy and security consulting
  • Consultation with the company during the audit process to assist and answer questions from the auditors
  • 100+ hours of consultation

Results:

With the help of ICE Consulting’s compliance specialists, our biotech client became ISO 27001 certified in late 2019, and we have continued to help the company maintain its certified status every year since then. We also assisted our client in obtaining an additional ISO certification for the manufacture of medical equipment, ISO 13485.

ICE Provides Full Turnkey IT Services to Biotech Client—Helping Them Expand and Relocate

Industry: Biotech & Life Sciences
Company size: 75+ Employees
Location: Menlo Park, California


Challenge:

ICE Consulting has helped with the IT needs of some of the most innovative biotech startups in the San Francisco Bay Area—a hotbed of biotech activity. A growing biotech company needed help setting up, designing, and building out the IT infrastructure at its first site so it could concentrate on research and development.

Solution:

ICE Consulting assembled a team of highly skilled and experienced IT project managers, IT architects, and network/system engineers to design and build new sites for this and many other biotech clients. ICE helped the client expand and relocate from an incubator space into its first dedicated workspace in a brand-new building. ICE helped in these ways:

  • Designed and built a new office IT plan by working with the site General Contractor (GC) and participated in the construction meetings during the initial phase of the project to ensure all IT-related requirements were coordinated in the construction plans.
  • Designed the structured wiring plan with the low-voltage cabling contractor to ensure adequate cabling to meet the needs of the client.
  • Worked with ISP vendors to establish service in the new building for the client including IP requirements, bandwidth needs, and proper handoff to the planned client hardware.
  • Partnered with an audio/video consulting firm to plan out the conference room design and equipment needs including room schedulers, room controllers, cameras, speakers and microphones, and auxiliary equipment and connections necessary for the client, as well as sound-deadening equipment to reduce the ambient noise in the workspace.
  • Evaluated the design and sizing of the server/MDF (Main Distribution Frame) and IDF (Intermediate Distribution Frame) rooms and passed the requirements on to the GC for inclusion in the final plans.
  • Evaluated, documented, and provided the power requirements and HVAC (Heating, Ventilation, & Air Conditioning) requirements for the Server / MDF room and the IDFs to the contractors, for the planning of the respective portion of tenant improvements.
  • Designed the IT infrastructure (both Systems and Networks) for the new site using industry design guides and infosec compliance regulations to ensure cybersecurity is an integral part of the design, not an afterthought.
  • Recommended the appropriate security and threat management capabilities for the selection of the new firewalls and edge infrastructure (ISP to the internal network). ICE only recommends the industry-leading vendors for Firewalls such as FortiGate or Palo Alto Networks.
  • Leveraged ICE partner relationships with technology vendors such as VMware, Okta, CarbonBlack, Code 42, Microsoft, and others.
  • Designed and deployed the client's cloud technology stack: identity management, Single Sign-On (SSO) and Multi-Factor Authentication (MFA) with Okta; a Mobile Device Management (MDM) solution with Workspace ONE; and corporate productivity and e-mail with Microsoft 365 (M365).
  • Emphasized the security of the client's corporate data by installing and configuring disk encryption solutions, and much more.

Results: 

Thanks to ICE Consulting, the biotech client now has an infrastructure that is properly designed, configured, and installed. This will allow the biotech company to fully use the latest technology today and tomorrow as the biotech company grows and prospers. For this client and others, ICE continues to update, maintain, and improve the security and performance of the installed infrastructure.

ICE has performed this kind of work many times in the San Francisco Bay Area and has developed a reputation for these "greenfield" builds with biotech start-ups. Our solutions have met client needs by providing highly scalable, secure, and reliable infrastructure. With ICE Consulting's IT infrastructure assistance, many of these clients have grown from small start-ups into multi-national enterprises of more than 1,000 employees.

Innovative Biotech Company Hires ICE to Scale and Secure IT Infrastructure

Industry: Biotech & Life Sciences
Company size: 20+ Employees
Location: South San Francisco, California 


Challenge:

A promising biotech company in the San Francisco Bay Area needed to focus on its core business rather than IT—yet the company recognized that strong IT would be critical to its growth plans. The company needed all facets of its IT infrastructure evaluated against industry best practices to help it move to a more secure, stable, and resilient network.

Solution:

After producing an extensive IT audit report, ICE recommended enhancements to the company's network: refreshing and implementing new IT hardware and installing new software and cloud services to modernize the client's network. ICE engineers created a high-level IT infrastructure upgrade and modernization plan broken into multiple smaller project plans. Over the following 18 months, at the client's request, ICE created Statements of Project Work (SOPW), Bills of Materials (BOM), and detailed project plans to modernize the IT infrastructure. ICE helped in these ways:

  • Began fixing and cleaning up the IT infrastructure, building upon the existing environment and previous projects.
  • Emphasized slow, strategic changes to the production IT infrastructure, each thoroughly tested in a lab environment first to minimize downtime and disruption to the client. ICE then moved on to the next change, looking at the environment as a whole rather than at an individual device, piece of software, or service, thus steadily improving the network and working toward the plan's defined goals.
  • Made specific changes, including removing the daisy-chaining of the access switches and connecting each access switch directly to the core switches, a redesign to a hub-and-spoke topology for improved data flow.
  • Added security enhancements, including updating the firewall firmware to the newest stable release with security patches applied.
  • Performed a wireless spectrum analysis as a health check of the wireless networks.
  • Established SLAs with network infrastructure vendors for improved support and management.
  • Performed changes slowly and methodically on data systems infrastructure to improve the performance of service and storage devices.
  • Reconfigured the Active Directory services at each location to provide resiliency in case of loss of connectivity with the other sites, and much more.

Results: 

In summary, ICE Consulting provided a full turnkey IT solution that allowed the biotech company to focus on its evolving product offering. This partnership continues today.

ICE Helps Medical Technology Company Meet HITRUST Compliance—HIPAA on Steroids

Industry: Medical Device
Company size: 75+ Employees
Location: Walnut Creek


Challenge:

A medical technology company was seeking compliance with the HITRUST standards. HITRUST certification signals to patients and physicians that the technology provider has met the standards for identity and medical data protection. HITRUST has been called "HIPAA on Steroids" because of the requirements it dictates for protecting patient information.

Solution:

ICE Consulting provided assistance in the following areas:

  • Assisted with the preparation and evidence-gathering phase and the audit phase of the certification process, beginning in the fall of 2020
  • Established company policies, working with the company's IT and HR departments and key personnel
  • Set up and monitored the IT-related mechanisms necessary to implement the newly created policies
  • Assisted during the audit process to answer questions from the auditors

Results:

The company became HITRUST certified in late 2021. Moving forward, we will help them maintain their certified status by supporting this client with our Security Operations Center (SOC), using tools such as the Securonix Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), and Network Traffic Analysis (NTA) offerings, and CheckMK.

US Government Contractor Adopts NIST 800-171 Cybersecurity Framework, Thanks to Assistance from ICE

Industry: Department of Defense (DOD) Prime Contractor
Company size: 300+ Employees (Private company)
Location: Palo Alto


Challenge:

This US government contractor is required to comply with the standards of NIST Special Publication 800-171. This framework details the policies, procedures, and steps necessary to protect an organization from the threats that government organizations and contractors face from bad actors, both internal and external.

Solution:

ICE worked with the contractor to make the necessary changes to their IT infrastructure. We worked with the customer’s security personnel to set up the right hardware including new next-generation firewalls, advanced management software, and compliant VPN services to meet the standards.

Results: 

Thanks to ICE Consulting, the government contractor met the standards to become NIST 800-171 compliant. ICE is currently assisting the customer with the CMMC (Cybersecurity Maturity Model Certification) process.


International Organization for Standardization (ISO)
ISO compliance is achieved when an organization meets the requirements outlined in a specific standard developed by the International Organization for Standardization (ISO). ISO has developed thousands of standards that cover all areas of business. These ISO frameworks are used by organizations to embed internationally standardized business practices.
Health Insurance Portability and Accountability Act (HIPAA)
Compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires companies that handle protected health information (PHI) to have physical, network, and process security measures in place and to follow them. HIPAA is a series of federal regulatory standards that outline the lawful use and disclosure of protected health information in the United States.
Health Information Trust Alliance (HITRUST)
The Health Information Trust Alliance (HITRUST) is a non-profit company that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach their compliance goals. HITRUST stands out from other compliance frameworks because it harmonizes dozens of authoritative sources such as HIPAA, SOC 2, NIST, and ISO 27001. It is also the only standards development organization with a framework, assessment platform, and independent assurance program, which has helped drive widespread adoption.
Clinical Laboratory Improvement Amendments (CLIA)
Clinical Laboratory Improvement Amendments (CLIA) of 1988 contains the Code of US Federal Regulations that govern any entity that returns patient test results for the purposes of caring for that patient. CLIA ensures that there is a standard of quality associated with test results across laboratory testing performed on specimens from humans such as blood, body fluid, and tissue, for the purposes of diagnosis, prevention, or treatment of disease or assessment of human health. This ensures the accuracy, reliability, and timeliness of laboratory test results regardless of where the test was performed.
National Institute of Standards and Technology (NIST)
NIST was created to improve U.S. innovation and competitiveness across industries “by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
Today, NIST remains one of the nation’s oldest physical science laboratories with a focus on three core competencies:
1. Measurement science
2. Rigorous traceability
3. Development and use of standards
NIST’s technical contributions to the development of information security standards have saved private industries more than $1 billion and drive consumer and business confidence.
General Data Protection Regulation (GDPR)
The goal of GDPR is to provide more stringent data privacy and security measures and more user-friendly disclosures and reporting on data protection practices. The regulations aim to allow individuals to control the use and storage of their own data, including any personally identifiable information.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley (SOX) Act of 2002 was passed into law by the United States Congress to cut down on fraudulent financial reporting by corporations. The act was passed on July 30, and its main intention is to protect investors. It is regularly referred to as the SOX Act of 2002, and it includes strict reforms to previous securities regulations. These mandated reforms subjected lawbreakers to stricter and tougher penalties.
Service Organization Control 2 (SOC 2)
SOC 2 is a coveted and hard-to-obtain information-security certification. It demonstrates that an independent accounting and auditing firm has examined an organization's non-financial reporting control objectives and activities. The auditing firm tests the organization's controls over time to ensure that they are operating securely and effectively. Developed by the American Institute of CPAs (AICPA), SOC stands for Service and Organization Control. It defines criteria for managing customer data based on five "trust services principles" — security, availability, processing integrity, confidentiality, and privacy.