Resources
/
Case Studies
/
Pharma Manufacturing Firm

Pharma Manufacturing Firm

Protecting Pharma, Securing Innovations

Industry

Pharma Manufacturing

Services rendered
  • OT / IT Network Pentest
  • Web Application Pentest
  • Configuration Review
Frameworks
  • CERT-In
  • ISO 27001
  • 21 CFR Part 11
Engagement

10 weeks

Region

India

Scope

Manufacturing OT network + corporate IT + lab systems

The Challenge

What the team was up against

Challenge 01

Air-gapped OT was no longer air-gapped

Plant-floor PLCs and SCADA were quietly bridged to corporate IT for batch reporting — no segmentation, flat L2, no monitoring.

Challenge 02

Regulated batch records on shared file shares

21 CFR Part 11 electronic records sat on Windows shares with weak ACLs. Audit trail integrity could not be proven on demand.

Challenge 03

Lab software with hard-coded vendor credentials

Chromatography and weighing instruments shipped with default admin accounts that had never been rotated since commissioning.

Our Approach

How we solved it

Step 01

Layered OT / IT segmentation

Mapped every cross-zone flow, redesigned the firewall rule-set around a Purdue-model topology, and validated each segment with a controlled internal pentest.

Step 02

Authenticated, evidence-led vulnerability assessment

Ran credentialled scans on every Windows asset + manual exploitation on web applications, batch portals, and integration APIs. Each finding came with reproducible PoC and a fix verified on retest.

Step 03

21 CFR Part 11 + ISO 27001 gap remediation

Closed the audit-trail, electronic-signature, and access-review gaps. Delivered evidence packs the QA team could hand to FDA inspectors without translation.

The Results

What changed after the engagement

54

Findings remediated end-to-end

9 Critical, 17 High, 28 Medium — every Critical + High patched and verified on the retest pass.

100%

Audit-trail compliance

21 CFR Part 11 electronic-record gaps closed; pre-audit evidence pack handed to the QA + IT teams.

0

Reported OT incidents since handover

18 months of clean operations across the manufacturing OT network after segmentation went live.

Certbar Security collaborated with a leading pharmaceutical manufacturing firm to bolster their cybersecurity framework. This case study explores our detailed approach to identifying vulnerabilities and implementing robust security measures tailored for the pharmaceutical sector. Our solutions were designed to protect sensitive research data, ensure regulatory compliance, and defend against evolving cyber threats.


Through our comprehensive cybersecurity services, the pharmaceutical manufacturing firm achieved substantial enhancements in their security posture. This case study highlights our process from initial assessment to final implementation, showcasing the tangible benefits realized. Enhanced data protection, reduced risk of cyber attacks, and improved compliance with industry regulations are key outcomes, underscoring Certbar Security’s value in the pharmaceutical industry.

FAQs

FAQs

Pharma manufacturing firms often encounter threats such as data breaches, ransomware attacks, and intellectual property theft, which can compromise sensitive research data and disrupt operations.

Keep reading

More case studies

Get the same outcomes

Want a similar audit for pharma manufacturing security?

Talk to a CERT-In empanelled auditor. We'll scope the engagement, share a fixed price, and start within a week.