Building a cybersecurity and risk department

Mercalis, a full-service life sciences commercialization company, agreed to make cybersecurity compliance a top priority in 2015 and immediately began building a complete security and risk program. After a great deal of planning, Mercalis’ leadership team decided to pursue the ISO/IEC 27001:2013 certification.

“At the time, in 2015, we knew that attaining the ISO 27001 certification was the gold standard and would set us apart from our competitors,” said Stan Kurpiel, Mercalis’ Chief Information Officer. “We knew this certification would provide our company with effective cybersecurity policies and procedures, a solid security infrastructure, and assurance to our customers.”

Leadership’s goal in establishing a compliance plan was to lower Mercalis’ liability by showing better due diligence and having an aggressive roadmap for Cyber Security for the organization.

Making the call

When establishing a security team, Kurpiel hired Stuart Browy as Senior Director of Security. Browy was tasked with creating the Cyber Security Road Map and spearheaded an ISO 27001 certification.

The first order of business in the Security road map was to search for accredited ISO 27001 certification bodies and A-LIGN immediately caught Browy’s eye. “It was a gut feeling,” said Browy. “When I came across A-LIGN, I did my due diligence and then placed a phone call requesting more information.” Adam Lubbert, A-LIGN’s Associate Director of ISO Delivery, returned Browy’s phone call.

“Adam really sealed the deal,” said Browy. “He assured our team that A-LIGN would educate us about the certification process, as this was completely new for our company. I’ve completed ISO certifications for other companies and appreciate how intimidating the process can be.”

When comparing pricing, Mercalis felt A-LIGN was very fair and closely matched what they expected to pay for an ISO 27001 certification. Between budget and leadership’s immediate ease with the A-LIGN team, Browy was confident that Mercalis hired the best certification body for their needs.

Earning an ISO 27001 certification

Lubbert educated Mercalis through the ISO 27001 certification process. Mercalis built into its plan ‘Zero Trust’ and other additional security layers that ultimately helped the company to harden security protocols. In 2018, Mercalis successfully earned its first ISO/IEC 27001 :2013 certification without any major non-conformities. “The way Adam conducted our audit and communicated with our executive team was very impressive,” said Browy. “Everyone from the top down agreed we needed to keep A-LIGN as our certification body for all future certifications and compliance needs.”

The following year, in 2019, Lubbert was promoted within A-LIGN and provided us with another auditor. The Mercalis team found the other members of the auditing team to be equally skilled and experienced its smoothest audit yet.

Utilizing compliance management software

To streamline the auditing process, Mercalis began utilizing A-SCEND, A-LIGN’s proprietary compliance management platform.

A-SCEND saved Mercalis time by centralizing evidence collection requirements before evaluation and fieldwork. This approach for evidence collection reduced the total number of requests required from each audit by comparing common security frameworks and creating one request to address multiple criteria.

After Mercalis learned how to use the platform, A-SCEND streamlined the compliance process, consolidating and deduplicating efforts to save resources.

Next steps

To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.

About Mercalis

Mercalis is an integrated life sciences commercialization partner that provides comprehensive solutions that span the entire healthcare value chain. The company partners closely with its clients to deliver an end-to-end spectrum of commercial capabilities that work together seamlessly and flexibly. Backed by proven industry expertise and results-driven technology, Mercalis provides the data and strategic insights, patient support services, and healthcare provider engagement tools to help life sciences companies successfully commercialize new products. Above all, Mercalis helps navigate the complex life sciences marketplace to accelerate value and enhance patient lives. Founded in 2000, Mercalis provides commercialization solutions to more than 500 life sciences customers and has provided access and affordability support to millions of patients. The company is headquartered in Morrisville, North Carolina.

For more information about Mercalis, please visit www.mercalis.com.