A large US pharmacy chain was hit with regulatory charges that it did not adequately protect personally identifiable information (PII) of customers and employees. The company needed to establish a comprehensive enterprise-wide information security program to protect the security, confidentiality, and integrity of information across its enterprise, which includes more than 5,000 retail locations. The company also needed to meet Federal Trade Commission (FTC) compliance requirements. The design and implementation of an enterprise security program, as well as remediation of information security practices as prescribed by the FTC, were too time-consuming and laborious for the company to resolve on its own.
The company engaged PwC to assist with planning, design, and implementation of a comprehensive information security program that would protect customer and employee data as well as remediate regulatory compliance gaps. As a first step, our team of security specialists assessed the company’s security posture and identified ISO/IEC 27001 as an overall security framework upon which to build an information security program. Drawing upon our experience in information security and identity management, we helped the company align its information security policies, objectives, and processes with its business objectives, compliance mandates, and industry leading practices.
Impact on client's business
The implementation of an enterprise security strategy enables the pharmacy chain to provide a world-class security platform and address concerns of regulatory agencies and customers. The company’s organizational structure is now tightly aligned with its business objectives and information security needs. We have helped the company identify future opportunities for enhancements to management reporting and visibility of operating effectiveness, and the company is set to further enhance the efficiency, effectiveness, and maturity of its information security program.