Three ERP security concerns for medical manufacturers
It is Friday afternoon (really evening) and Julia is leaning back in her chair, thinking about Monday's meeting to select an ERP provider. Her company has begun, at last, to grow, and it needs an ERP system. Their medical device is cutting edge and now has government approval. But after years of everyone wearing many hats and just getting things done, they now need to comply with a lot of rules they have skirted while ramping up. What is really important, and what will distinguish the manufacturing ERP providers in the realm of security? GRC (governance, risk management, and compliance) is at the heart of continued certification.
How can we ensure that work is only done by people fully qualified?
Any ERP will allow a manager to set up a new user. You need to be sure that user is qualified and that the qualification is documented by training and certifications. To prevent work on products by the wrong people, an unqualified user should not even be able to log onto a job or operation. Along with this come separation of duties (SoD) requirements. An engineer or inspector could have the qualifications to build products, but SoD requires them to remain apart from production tasks. While that overlap was commonly done last year, it is no longer allowed.
How can we stay in CAPA compliance?
Errors will occur – that is certain. You need to be sure that corrective actions and preventative actions are built into the ERP. If a problem was caused by the use of an out-of-current-revision component, can the ERP help prevent that possibility in the future? Can the ERP support a workflow in which a revision change in engineering forces the removal of inventory that is no longer in spec? When we build a product to a specific customer’s documentation, will the ERP ensure that only that customer’s drawings are available to production? It is impossible to imagine all the corrective and preventative actions that might be required, so the question is whether the ERP is flexible and agile enough to enforce those CAPA requirements as they arise.
Will this manufacturing ERP help protect the crown jewels?
A new manufacturing ERP needs to stay cutting edge and keep you ahead of any competition. That means data security to prevent any unauthorized viewing or downloading of product data. It also means limiting internal access to any part of that data to only those with a documented need to know. This kind of security is tricky and multi-level. You don’t want to prevent a junior engineer from updating part routings in general when you only want to limit access to the routing of your primary product. If you choose to keep data for that product on a separate server, can the ERP switch easily between two data sources? Could the ERP provider have better ideas for security?
Julia leans back and puts her feet on her desk. There are many security domains to consider, but these are her primary questions. She and her ERP selection team have agreed on these. Next, they find out if one of the ERP providers can meet their requirements.