Pharmaceutical manufacturer

Pharmaceutical manufacturer outsources PCI compliance. Life Sciences company finds trusted partner and streamlines order interrogation and PCI-compliant processing with OpenText Alloy.


  • Difficulty managing complex audits
  • Costly and time-consuming manual processes


  • Improved staff resource utilization
  • Enabled tokenization without the compliance burden
  • Saved thousands annually in audit expenditures


The time, staff resources and costs associated with a payment card industry (PCI) compliance audit are disruptive for any company, but for Life Sciences companies that receive a mix of purchase orders with and without credit cards, the burden of an audit can’t be avoided. A pharmaceutical manufacturer, with more than $2.1 billion in sales in 2017, wanted to find a partner to take over the responsibility of PCI compliance by ensuring that purchase orders with credit card information did not reach the company’s sales order system.

The pharmaceutical manufacturer’s customers sent purchase orders for the more than 10,000 products offered by the Life Sciences company directly to the company for processing, and a significant number of those purchase orders came with card numbers. Possession of this information resulted in annual PCI compliance audits, which cost money and burdened staff resources.

An added challenge was finding a partner that could review purchase orders individually to determine whether financial information was included, and that could work with the company’s existing tokenization provider and ordering system without requiring investment in new infrastructure.

Filling the gaps between the tokenization provider and the pharmaceutical manufacturer required a robust, flexible solution and a partner with the ability to work with other companies to help the Life Sciences client reach the goal of moving PCI compliance outside its four walls.

OpenText™ Alloy™ helped the pharmaceutical manufacturer meet its goal.

All purchase orders are initially processed through Alloy, and each is interrogated to determine if credit card information is present. If no financial information is included, the PO is sent directly to the company for processing.

If credit card information is present, Alloy contacts the tokenization provider first for a token to be assigned. The token, along with some descriptive information, is added to the PO, which is then sent to the company. This process ensures proper payment information for all orders but removes the responsibility of PCI compliance from the Life Sciences company.

The ability of Alloy to interrogate purchase orders for specific information met the pharmaceutical manufacturer’s goal of eliminating the need for annual PCI compliance audits at the company and streamlining the process. Because Alloy is already a PCI-compliant environment and OpenText assumes the responsibility of ongoing PCI compliance, the company was then able to divert dollars and staff resources normally assigned to the audit to other mission-critical activities.

Alloy supported the complex integration, enabling the receipt, interrogation and transfer of purchase orders to either the tokenization provider or the company in a seamless manner that did not disrupt the flow of orders.

About Pharmaceutical manufacturer

Global biopharmaceutical company committed to finding innovative and life-changing treatments for its patients.