AstraZeneca’s evolution from traditional paper access request forms to an automated system.
Founded in 1999, AstraZeneca is a multinational pharmaceutical and biotechnology company, headquartered in Cambridge, England. Aside from England, AstraZeneca has primary locations in Gothenburg, Sweden and Gaithersburg, Maryland.
AstraZeneca has a portfolio of products for major diseases in areas including oncology, cardiovascular, gastrointestinal, infection, neuroscience, respiratory, and inflammation.
James Lee, Site Security and Emergency Response Manager:
- 1 year with AstraZeneca; worked as a System Administrator as a Contractor for 10 years prior.
Brooks Cucuel, Sr. Director of Security:
- 13 years with AstraZeneca.
John Garruto, System Integrator, Convergint:
- Working with AstraZeneca since 2014.
- Enterprise Access Control system with 11 major sites across North America.
- Sites consist of a combination of office, R&D, and manufacturing facilities in the US, Canada, and Mexico.
- C•CURE 9000 system with 180,000 personnel profiles of employees and contractors being pulled in through Active Directory.
The ProblemAs a pharmaceutical company, AstraZeneca is subject to inspection and must adhere to regulatory agency guidelines, like the FDA or other country equivalents, which include thorough documentation and retention processes. For example, each access clearance variation must be thoroughly documented with information about who has access, where they accessed, and any relevant training materials with proper signoffs. To adhere to regulatory guidelines, it is necessary to keep these records for a minimum of three years with full test scripts readily available in the case of an audit.
Over the last 13 years, AstraZeneca’s clearance procedure has been almost entirely physical. This necessitated hand signatures, meaning individual requesters had to physically seek out clearance owners to review and sign off on their individual access requests. Additionally, each request’s paper trail created by this process had to be filed away in physical cabinets.
AstraZeneca’s sustainability commitments and best practices required the ongoing management of their environmental impact across all their activities and products. In 2015, to evolve their traditional paper business access request forms to a semi-electronic system, several of AstraZeneca’s sites implemented DocuSign.
This system improved on the paper method but still came with a host of issues. DocuSign had no logic for routing requests and approvals and required AstraZeneca to hire additional resources to move requests through the clearance process. DocuSign also charged fees for cloud storage and for every request opened, quickly adding to costs as many requests were restarted or automatically opened from refreshing browser pages.
The SolutionAstraZeneca chose C•CURE Access Management Workflow to streamline their clearance process. With its convenient and flexible self-service web portal, C•CURE Access Management Workflow puts the power back in the hands of clearance owners. From C•CURE Portal, approvers can manage access for areas they own and can run their own reports without the need for a middleman, with full documentation through C•CURE 9000.
C•CURE Access Management Workflow updated the physical clearance process by simplifying how requests could be accepted or rejected. When a rejection is made, a user is now only required to make a note of why the request was rejected, eliminating the need for follow-ups. In Q4 2020, AstraZeneca soft launched C•CURE Access Management Workflow before rolling the process out to all global locations across the enterprise system. Between Q4 2020 and Q3 2022, access request submissions through the C•CURE Portal increased from 6 to 642.
With C•CURE Access Management Workflow, AstraZeneca found a way to move past a laborious physical clearance process and into a modernized, simplified electronic one. By upgrading this process, AstraZeneca’s security teams are empowered to focus on keeping their areas safe and compliant.
> View the Full Case Study - PDF