CSV, ITIL, Cobit, EuroSOX - contradictory, duplicate effort or beneficial?

Product safety, process safety, safety of operations - which other terms can be used to derive the requirements for CSV/GMP-, ITIL/Cobit- or EuroSOX (SOX) compliance? The IT department of a regulated company is faced with demands for reliability, data security, process safety, protection of business operations and so on from various sides. How are these implemented in the scope of your corporate IT governance?

Contain red tape!
Users and IT staff are commonly complaining that they have to answer the same questions again and again in the scope of CSV workshops or SOX audits. "Surely I don't have to describe that again!" is a legitimate objection, since different approaches and requirements can be synchronised so as to minimise effort by the reuse of documents, procedures, and even tests to meet the appropriate "compliance".

What are the causes?
Naturally, the initial priorities were the quality management requirements for controlled, secure and documented processes and systems to guarantee stable and safe products. Additional standards such as SOX/EuroSOX or ITIL/Cobit have emerged due to increasing complexity, international events such as 9-11, financial crises, cost pressures, or simply widespread user dissatisfaction with IT systems. These standards were based on existing procedures and established methods, and developed them further in accordance with the corresponding requirements. While CSV/GMP is designed to ensure product safety and production process validity, EuroSOX (SOX) is geared towards business and financial processes, while ITIL/Cobit covers the provision of IT services in the enterprise.

Identify synergies!
These complementary perspectives on a shared data space have the same keywords such as business continuity, disaster recovery, backup and restore, security, user management, business process management, software development life cycle, etc. in their vocabulary. All share the requirement for processes, control points and documents! Forward-looking structures permit the formulation of synergistic areas, which enable a high degree of reusability for both processes and documents.

The Chemgineering Business Designers were able to build experience in the scope of projects with overlapping requirements, and are in a position to act as project manager, process designer and mediator. On the basis of business process excellence, as well as IT and regulatory expertise, we will help you to interlink requirements from the various areas, and minimise effort.



For further information please contact Dr. Thomas Karlewski

Chemgineering Business Design AG | Binningerstrasse 2 | 4142 M√ľnchenstein | T +41 61 467 89 00 | F +41 61 467 89 01 | www.chemgineering.com | info@chemgineering.com