Segmented networks; simple integration of future requirements; central access and authorisation regulation; virtualisation; time synchronisation; backup and restore; security and updates; GAMP compliance; certified and documented.” “Legacy Pharmaceuticals is future-proofing its business

Reference Customer

Legacy Pharmaceuticals Switzerland GmbH

Branch of Industry

Industry, Pharma

Solution Area

Data Center & Infrastructure, Virtualisation

Contact person

Patrick Hofer

Division Lead Skills & Services

+41 61 716 70 70

Save contact

Project environment

Legacy Pharmaceuticals has a long history in the Swiss pharma industry, operating as a contract manufacturer of sterile/aseptic and non-sterile pharma products in liquid and powdered form since 1947. Legacy Pharmaceuticals is committed to the highest of quality standards and virtues such as service excellence, reliability, social responsibility and GAMP compliance. The existing IT and OT (operational technology) landscape had to be prepared for a secure connection between product-oriented IT and operational or administrative business applications. The existing OT landscape was to be complemented with a qualified IT infrastructure that would meet the regulatory requirements of the present and the future, ensuring the utmost reliability and secure, centralised ITIL-oriented operations.

Project requirements & goals

Legacy Pharmaceuticals’ goals were forward-thinking, with the company looking to prepare for the upcoming digitisation. “This project sees our operational technology expanded by a modern IT infrastructure, facilitating GAMP-compliant, secure and reliable operations. This strengthens our core, enabling us to reliably meet compliance requirements in the future and do our own extremely high quality expectations justice,” is how  Barbara Boeglin, Director of Finance and IT, explains the goals of this project.

Implementation & project outcome

Establishing the two dedicated network segments “production network” and “control network” provided a network structure in line with the SANS Institute’s Security Architecture for Industrial Control Systems suited to the modern environment that could be easily adapted to future requirements. Overall, this segmented network structure facilitated the regulation of traffic between the segments using firewalls, reducing it to the bare minimum. This ensures that sensitive information and services are available only to authorised users and systems.  The production network segment saw the establishment of an overarching IT infrastructure and production-oriented IT system using proven technologies, such as Active Directory, virtualisation (VMware), storage appliances and a central external time source (Meinberg). This enabled the provision of key services, such as user management, authentication, backup and restore, time synchronisation, security patches, Windows updates and anti-virus management and distribution. Redundancies were incorporated into each of the critical components, guaranteeing the systems and services were available to the prerequisite high degree. The whole environment, including the services mentioned, has been configured and documented in line with certification (commissioned in accordance with GAMP).