Wyeth implements assessment technology to address Web site compliance and security.

Published on 24-Jan-2008

"The issues we find with the AppScan technology help our site owners to identify and address certain areas of noncompliance and improve the sites. This helps improve the environment of trust and helps prolong customer relationships." —Courtney Leo, Internet compliance manager, Wyeth

Customer:
Wyeth

Industry:
Life Sciences

Deployment country:
United States

Overview

Business need:
Wyeth needed to ensure that its more than 350 global Web sites were in compliance with various international legal regulations as well as its own rigorous internal security standards.

Solution:
The company utilizes IBM Rational® Policy Tester™ and IBM Rational AppScan® software to automate online compliance-related testing and application security testing.

Benefits:
Managed by the Wyeth Internet management committee, the company’s new automated compliance and security testing program has increased productivity and improved customer confidence in the company’s online brand integrity.

Case Study

For more than a century, Wyeth has been a leader in the world of prescription pharmaceuticals, nonprescription consumer healthcare products and pharmaceuticals for animal health. The company employs approximately 50,000 people and operates in more than 145 countries across the globe. Wyeth strives to provide top-notch products and services, including numerous Web sites that offer a wealth of features and resources to benefit its customers and partners.

Challenged to ensure consistent quality
Maintaining online compliance for a global brand like Wyeth is more than just a quality assurance (QA) issue. When a company operates in as many countries as Wyeth and has as many Web sites, it needs a comprehensive compliance program that combines people, processes and technology to help deliver the same high standards across all its sites and brands.

As the Internet compliance manager at Wyeth—and a certified information privacy professional (CIPP)—Courtney Leo oversees the ongoing review of Wyeth’s Web sites. With more than 350 corporate sites, Wyeth needs to conduct thorough quality tests in a timely manner to identify potential application security, quality and compliance issues.

Not only did Wyeth need a tool that could scale to support its massive operations, it also needed an automated process that could help it deliver consistent quality across all its sites. And the company needed to ensure that the technology could support its comprehensive information compliance and security program as managed by Wyeth’s Internet management committee.

Automating the analysis of tens of thousands of Web pages
After working for more than a year, Wyeth developed a corporate standard for Web site best practices. Consequently, the company needed to implement these standards across all its groups by addressing Web practices that could potentially open security holes, produce poor quality content or fail to comply with numerous international standards.

Wyeth utilizes Policy Tester and AppScan software to help it identify and prioritize Web site issues for resolution. The software enables Wyeth to automatically analyze content and applications spanning tens of thousands of dynamic Web pages.

Implementing the solution globally
Wyeth integrated the technology into its global vulnerability management and compliance program—leveraging its people, processes, education and training as the cornerstones of the program. The Internet management committee at Wyeth uses the tools to help them address compliance management issues from the ground up: from application development through deployment. The Policy Tester software, an automated online risk management solution, is used to audit and manage quality, privacy, accessibility and compliance-related issues in Wyeth’s corporate Web properties. And the AppScan tool is used to identify, analyze and remediate security issues early in development.

Protecting Wyeth’s brands while saving time and money
Armed with the Policy Tester application, the Wyeth Internet management committee is able to help ensure that its numerous Web sites meet customer expectations for quality and privacy. The application helps Wyeth improve its QA and compliance management, along with its productivity: automating what were once manual tasks has helped the company improve utilization rates and reduce costs.

Wyeth’s Web site owners, who are located in a number of countries, take advantage of the Policy Tester application to perform privacy and quality compliance-related testing, as well as to verify and check their sites for third-party cookies, Web beacons and Secure Sockets Layer (SSL) configuration details. Having worked with the tool for a reasonable amount of time, the site owners report that they feel more secure about the functionality and quality of their sites. Policy Tester has enabled Wyeth to automate a significant part of the process, giving the company’s staff more time to focus on the tasks that require human attention. As a result, Wyeth has been able to significantly reduce its volume of work while continuing to improve the company’s online presence.

“The issues we find with the AppScan technology help our site owners to identify and address certain areas of noncompliance and improve the sites. This helps improve the environment of trust and helps prolong customer relationships,” says Leo.

In addition to privacy and quality compliance-related testing, the Web security team uses AppScan software to automate application security testing. The team leverages the tool as part of its application building process, which helps team members cut costs and reduce time to market. Wyeth has found that detecting potential vulnerabilities early in the software development lifecycle often makes those issues cheaper and easier to fix.

Wyeth also puts its third-party applications to the test. Virtually all third-party-developed applications must pass the stringent standards of the Internet management committee, which sometimes means full security testing as well as a battery of compliance and functionality testing.

“The products have helped Wyeth merge our people, process and technology, and that has increased cost savings and efficiency throughout the corporation,” explains Leo. “It’s crucial that all these factors work together.”

For more information
To learn more about IBM Rational Web application security software, contact your IBM representative or IBM Business Partner, or visit:
ibm.com/software/rational/offerings/testing/webapplicationsecurity

Products and services used

IBM products and services that were used in this case study.

Software:
Rational AppScan Standard Edition, Rational Policy Tester Privacy Edition

Legal Information

© Copyright IBM Corporation 2007

IBM Corporation
Software Group
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
12-07
All Rights Reserved.

AppScan, IBM, the IBM logo, Policy Tester and Rational are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or registered trademarks or service marks of others.

The information contained in this documentation is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this documentation, it is provided “as is” without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this documentation or any other documentation. Nothing contained in this documentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM (or its suppliers or licensors), or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

IBM customers are responsible for ensuring their own compliance with legal requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws.

RAC14017-USEN-00
