Compliance services

Since 2002, PDS Consultants has been delivering specialist IT auditing, remediation and consulting services to high profile, global organisations. We specialise in identifying areas of regulatory non-compliance and in delivering unique solutions to mitigate the consequential risks to client businesses, primarily within the life sciences sector.

PDS offers the following comprehensive range of services which can assist clients at any level of capability to reach their compliance objectives:

  • IT Auditing Services
  • IT Remediation Services
  • IT Consulting Services

These services, which have been developed on the basis of detailed and practical insight into the use of Information Technology in the regulatory marketplace, are made available either directly to PDS clients or indirectly, as a value added service, to the clients of PDS' business partners.

PDS is accredited to ISO 9001:2008, a certification it has held since 1996.

Overview of Services

The basis for the PDS service offering is the observation that regulated industry is under increasing pressure to demonstrate to both the regulator and to clients that its use of IT is under control. In the pharmaceutical and medical devices sector, the 21 CFR Part 11 regulation is a key industry driver.

Experience has shown that while the regulations themselves are clear, they do not offer a methodology to help companies to define and put in place the policies, standards and procedures that are necessary to bring their IT resources into compliance. Neither do they assist the personnel who manage, operate and audit these IT resources in their understanding of compliant operation.

PDS delivers its services under three separate IT service categories: Auditing, Remediation and Consulting. These have a high degree of overlap and interdependence which enables solutions to be targeted and non-prescriptive. Unlike other IT service providers operating in the regulatory compliance field, the PDS service ethos is to work as an extension of a clients' internal resource. Through shared responsibilities and team work, this accelerates and strengthens client ownership of the delivered solutions. As a consequence, PDS' services are considered to be unique and highly cost effective.

IT Auditing Service

As a member of the Information Systems Audit and Control Association (ISACA), PDS considers IT Auditing to be a vital element in assessing IT systems in order to evaluate (via gap analysis) and maintain (through monitoring) operational compliance. Within the framework of best practice, PDS uses its own assessment and auditing tools alongside those available from world leading authorities such as the IT Governance Institute (ITGI). In particular, the IT Balanced Scorecard from the CobiT® Compliance Framework is invaluable in helping to deliver on-time and on-budget value-added audits.

IT Audits, which include auditing third party IT service providers on behalf of clients, are accompanied by comprehensive audit reports which identify areas of weakness and risk. Each vulnerability is addressed by a specific PDS-devised solution which can include policies, standards, procedures, working practices, etc. Solutions are made available to clients through the PDS IT Remediation Service.

IT Audits are invariably a fixed price deliverable, the cost of which being determined by the size of the organisation and/or the scale of the IT resources being audited.

IT Remediation Service

The remit of the IT Auditor is to identify areas of weakness, risk, non-conformity, etc., but does not generally extend into providing solutions to the audit observations. PDS has developed, through exposure to the remediation activities of many of its multi-national clients, a standardised methodology for bringing information systems under control. This methodology is the distillation of best practice techniques which are designed to address the gaps identified by the IT Audit in the most pragmatic and cost-effective way possible.

PDS solutions are designed to remediate the IT related policies, plans, procedures, processes, systems, activities, functions, projects, initiatives and endeavours at all levels of a company and are in the form of standardised templates which are intended for customisation and insertion into the client's IT governance framework. The material is delivered pre-formatted in accordance with the client's documentation standards and is offered at fixed price. The client has the choice of performing post-delivery customisation themselves or using the PDS IT Consulting Service or a mixture of both as required.

IT Consulting Service

At any point in the risk management life cycle, the PDS IT Consulting service is available to offer insight, advice and practical 'hands-on' assistance in delivering best practice solutions to its clients. These services, which are designed to support PDS' IT Auditing and Remediation products (including training), are offered on a day rate basis with discounts for weekly and monthly assignments. By virtue of its project management, software development/support and quality management capabilities (underwritten by adherence to ISO 9001:2008 (TickIT) standards), PDS is capable of working alongside the client's IT and QA personnel and, in the case of smaller companies, as substitutes for those functions.

Service Delivery

PDS undertakes fixed price audits of clients IT resources. Audits follow the CobiT® IT governance framework and deliver reports which are compartmentalised into CobiT's four domains of internal control and subdivided into its 34 high level control objectives. The IT Balanced Scorecard technique is used to benchmark the current status of a client's IT resources against which the effectiveness of subsequent remediation activities can be assessed (through maturity modelling).

In addition, for those areas of weakness and risk identified by the audit process, a PDS IT Remediation solution and/or a PDS IT Consulting service is identified which can be called upon to address, in a subsequent project, the remediation needs of the client's IT resources.

When forming part of a PDS IT Remediation solution and/or Consulting service, the fixed price charge for access to PDS templates is calculated on a pro rata basis from the total charge for the PDS Compliance Suite.

Where these services are offered through a business partner, PDS operates as an agent of the business partner who will at all times maintain the client relationship. All billing will be between PDS and the business partner who will invoice its clients with whatever margins it considers to be appropriate.