IT infrastructure management in a regulated environment

13.02.2020    Author : Christophe Simonin

For the inauguration of our Yucca “blog”, we will present a series of articles on the management of an IT infrastructure in a regulated environment.  Series that will allow us to have a vision on all the technical, organizational and audit elements to have control of its information system.

Beyond the technical and support aspects, a natural prerogative of IT, IT teams are confronted with a multitude of issues and constraints, often complex and sometimes contradictory :

  • The need for performance, mobility, simplicity and stability demanded by users,
  • Security and integrity of data, in the face of threats, breakdowns, clumsiness, possible malevolence),
  • Control of risks and costs, operating guarantees, alignment with business needs requested by finance and operations managers.
  • Quality approach, controls, audit and reporting required by the company, the legislator, the supervisory authority (Finma, SOX, RGDP, LPD etc …). 

How to face, respond effectively and make informed choices and compromises?  In the course of the articles we will address these issues and try to answer them by sharing our experience acquired over many years in complex, sensitive and regulated environments.  Beyond theory and the major architecture and management frameworks, we wish to be as pragmatic as possible in our approach.  So that this mastered computing is also possible in medium-sized structures. 

In the coming weeks, we will therefore address the following topics :   

Architecture and design:

  • Cloud, on-premise, hybrid, what are the right questions to ask?
  • How to design the mapping in all its components, business, risk, security and cost?

Security, cyber security and data leakage prevention :

  • How to protect your data, what are the risks, how to identify them?
  • How to know, anticipate and manage them? 
  • Tools, best practices, control of your sensitive data?

Operations : 

  • Because a robust and secure infrastructure only remains so if it is properly managed.
  • SLA, Delivery manager, capacity planning
  • Change control and management.

Compliance and Audits :

  • Sarban Oxley, FINMA, Gdpr etc…?   
  • Audit plan
  • Tools and reports