Customer Stories: Sterling Pharma Solutions

Sterling Pharm vCISO services

Sterling Pharma Solutions, an innovative and rapidly growing pharmaceutical company, required robust information security in order to meet their ambitious expansion goals. The company turned to Littlefish to implement core security and data protection measures.



Sterling Pharma Solutions is a global contract development and manufacturing organisation for the pharmaceutical industry, with over 50 years’ experience. They develop and manufacture APIs (Active Pharmaceutical Ingredients) and ADCs (Antibody Drug Conjugates), which are used in lifesaving medicines for patients around the world.  

Since receiving private equity investment in 2019, the business has grown significantly, both organically and inorganically, investing in existing facilities, as well as acquiring facilities to support their strategic growth plans and growing customer base. 

In 2020 Sterling had two facilities and 300 employees. Today, they have five sites in the UK, US and Europe with over 1,300 employees. The business has been built on clear core values, which ensure that they can provide an excellent experience to both customers and employees alike. 

The challenge of cyber security  

Along with steering IT investments strategically, the challenge for Sterling Pharma was to implement clear security processes, procedures, and standards that were robust enough to protect the rapidly expanding organisation and keep its valuable and sensitive data safe.  

The new Chief Information Officer, Paul Southam, was given the clear mandate of creating ‘World Class IT’ for the business that would allow the organisation to grow and scale at speed.

Information security was becoming a bigger and bigger concern for the company, with pharmaceuticals being a highly regulated industry. For us, data security is paramount and cannot be underestimated – we needed a partner we could trust, one that could come in and hit the ground running and that was Littlefish.

Paul Southam, Chief Information Officer, Sterling Pharma Solutions

Littlefish’s security solution 

The organisation knew there was little chance of recruiting the skills they needed. Especially not at the speed and calibre necessary to fulfil their goals.  

Taking on Littlefish’s vCISO service meant that the company could implement a robust cyber and data security solution in a short space of time, helping Sterling Pharma prepare for growth. 

Littlefish’s vCISO would design and oversee new security policies, processes, and standards in collaboration with Sterling Pharma’s team. This would eventually lead to the organisation having its own capability internally once everything was in place.  

Along with drafting new policies and implementing new, mature cyber security measures, Littlefish set about working with Sterling Pharma by conducting an initial cyber essentials assessment 

A standalone project which took a year in total, this comprehensive assessment allowed the Littlefish team to understand the security vulnerabilities. This enabled implementation of security measures to both protect the company and assist in its goals to grow and scale at speed through acquisitions.  

As part of the project, Littlefish convened a monthly working group with key stakeholders to facilitate the smooth roll-out of activities. This also provided a forum to discuss outstanding security issues and incidents, and plan improvement. Assistance was also provided in formulating a Critical Hour Framework in conjunction with security incident and problem management policies. 

There was a clear intent from Littlefish, right from the start, that they take security and data protection seriously.

Paul Southam, Chief Information Officer, Sterling Pharma Solutions 

Additionally, due to the IT team growing quite rapidly at the time, Littlefish were able to offer comprehensive cyber security user education to both new recruits and existing employees. By ensuring users understood the new security policies, procedures and practices, Littlefish helped Sterling Pharma implement a core foundation of information security which was very well-received by end-users.

Business outcomes 

Cyber breaches in the pharmaceutical industry, which has some of the most sensitive data and intellectual property, are a huge concern.  

To assist in Sterling Pharma’s rapid expansion inside this highly regulated industry, Littlefish were able to take the organisation’s information security to the next level in a short amount of time. 

As well as providing guidance on security practice and controls, Littlefish enabled significant improvements to Sterling Pharma’s policies, practices and controls. In addition, the incident response and management processes, user awareness, security culture and compliance were also enhanced. 

By developing, implementing, and managing the organisation’s information security program, Littlefish enabled Sterling Pharma Solutions to continue their successful growth journey.  

Get In Touch