Success story medac

The Hamburg pharmaceutical company medac Gesellschaft für klinische Spezialpräparate mbH conducts research, develops and distributes therapeutic agents and diagnostic products in the areas of oncology, urology and autoimmune diseases. Besides the production of established medicinal products, the company focuses on new research and further development of tailor-made therapeutic agents in order to provide individual therapies for patients. Founded in 1970, medac today employs a staff of more than 1,000 and is represented worldwide via subsidiaries and distribution partners.

The challenge: Transparency in line with IT access rights

Who has which IT access rights within the company and why, who grants these rights, and when were such rights granted – all this information pertaining to legal structures is reviewed by authorities in line with audits in pharmaceutical companies as well. Furthermore, there are clear international guidelines (e. g. GAMP) calling for a high level of transparency when it comes to the granting of access rights. Before the implementation of daccord, medac had to invest a lot of time and effort into making the granting of IT access rights transparent. This was a time-consuming process and also cost a lot of money – and the responsibility was exclusively with the IT department. In addition, the option to document the latest status of access rights in reports was missing. All this was to be changed.

Success story, PDF

»daccord is very flexible and can be adapted to existing IT landscapes. Open interfaces may be requested and developed for all systems.«


Arnim Schmid, Head of IT Department Network and Services

On the one hand, responsibility for access rights was to be shifted from the IT department to the individual departments of the company – ultimately, the respective department heads know best which access rights are required for their individual team members, and thanks to their technical insight they can justify their decisions. On the basis of certain parameters, the IT department is able to verify whether the granting of certain access rights is correct, but it may not make technical decisions. Arnim Schmid, Head of IT Department Network and Services at medac, says: “The effort of making access rights transparent before the implementation of daccord was tremendous!”


With the implementation of daccord the following was to be achieved:

  • Monitoring of access rights by individual departments.
  • Increase transparency when granting access rights.
  • Implement a reporting system for the granting of access rights.

The solution: daccord simplifies the control of IT access rights

daccord met all of medac’s requirements and convinced Arnim Schmid and his team. On the one hand, the high degree of usability of the browserbased application and the simple administration of the software played a role in the decision for daccord. On the other hand, daccord’s great flexibility was a deciding factor. “daccord is very flexible and can be adapted to existing IT landscapes. Open interfaces may be requested and developed for all systems,” explains Schmid. For now, Microsoft Active Directory (AD) and the network file system are connected to daccord via the daccord NTFS Connector. The daccord NTFS Connector is even able to readout the type of access rights to file level if access rights were set there. Since medac is currently migrating from Novell’s GroupWise to Microsoft Exchange, the daccord Exchange Connector is also interesting for Arnim Schmid in the medium term as well as the daccord SharePoint Connector in the near future, since Microsoft SharePoint is also currently being implemented at medac. “We expect a lot from daccord and are happy about our investment,” says Schmid. Document management, ERP and the helpdesk are systems that are to be connected to daccord in the short term to help in displaying the request process as well. This will create a complete history and control.

Automated reports and complete control

Arnim Schmid’s experiences with the implementation of daccord so far:

  • Processes dealing with access rights have been simplified significantly.
  • The IT department has been disburdened and is “completely satisfied” with daccord and “thrilled about how smoothly everything operates and how easy it now is to generate access rights reports.”
  • Little expenditure of time – since reports can now be generated automatically.
  • Freed-up IT resources.

Arnim Schmid says: “What used to take hours or even days, can now be accomplished with just one mouse click! The reporting system regarding the most up-to-date status of IT access rights is very important for us!”
The next step is connecting the helpdesk system to daccord to also display the respective process steps – who has requested what and who has approved it. The daccord User Frontend has also not been “rolled out” to all managers yet – here, says Arnim Schmid, “the finishing touches are still in the works.”


Success story, PDF