Genzymes approach to security
The last decade has seen a shift in the security arena, from a traditional focus on physical security operations towards a focus on the fusion between physical and IT security. The security team at Genzyme has been at the forefront of this shift towards a holistic, business-based approach to security and risk management. Genzyme Security has implemented an integrated and intelligent enterprise risk management (non-finance) framework designed to:
Reduce vulnerabilitiesand costs by eliminatingsecurity gaps andredundancies
Identify, assess, analyze,report and manage riskswithin and across businessunits
Apply integrated riskmanagement practicesduring the developmentphase of all processes sothat security is built-in
Improve decision makingby integrating technologyand analysis to providebetter intelligence on theimpact of risks to theenterprise
Increase stakeholder valueby training all businessunits to reinforce theimportance of securityacross the enterprise
Security as an Integral Part of an Enterprise Risk Management (ERM) Program
Genzyme is one of the worlds leading biotechnology companies, dedicated to making a major positive impact on the lives of people with rare disorders or life-threatening diseases.
Threats know no organizational boundaries. Security breaches can be targeted at
any part of an organization and can quickly impact stakeholder value. Up-the-ante
when you factor in globalization. Protecting your brand, reputation, intellectual
property, supply and distribution chains, customer relations, and employees requires
a coordinated response by both the traditional brick and mortar security operations
and the information technology professionals. However, achieving a coordinated
response within the traditional physical and cyber security silo structures is a
challenge, and can prevent a truly integrated view of an organizations overall risk
position. For an organization to have a full understanding of risk interdependencies
across the enterprise, physical and IT security need to be converged into an
Enterprise Risk Management focused program. An ERM approach to security will
ultimately target and eliminate gaps and redundancies to reduce vulnerabilities and
increase stakeholder value.
The shift from silo-based security to an enterprise approach
Time is the greatest teacher. Over the past ten years, time has taught that the silo
approach to mitigating risks to the organization is inadequate and presents
inefficiencies in the protection of the enterprise. By combining physical and IT security,
an organization is in a better position to understand their overall risk position.
Risk Center
About Genzyme, a Sanofi company
Genzyme is one of the worlds leading biotechnology companies, dedicated to making a major positive impact on the lives of people with rare disorders or life-threatening diseases. Since 1981, the company has grown from a small start-up to a diversified enterprise with more than 11,000 employees in locations spanning the globe and 2008 revenues of $4.6 billion.
With many established products and services helping patients in nearly 100 countries, Genzyme is a leader in the effort to develop and apply the most advanced technologies in the life sciences. In 2007, Genzyme was chosen to receive the National Medal of Technology, the highest honor awarded by the President of the United States for technological innovation.
Early in their evolution, Genzyme,
one of the worlds leading
biotechnology companies,
recognized the need for a
coordinated and integrated
approach to security, wanting a
framework that would allow them to
manage not only the risk to existing
assets, but also risks to all aspects
of the organization that could
impact future growth. Realizing
that a traditional silo structure
would prevent a full understanding
of risk interdependencies between
business functions and processes
within the enterprise, Genzyme
implemented a security risk-based
program that encompasses physical
security, information (including IT)
and product security with business
continuity/crisis planning.
Genzyme: a benchmark for success
In 1994, Genzyme experienced the
loss of intellectual property through
theft and brought in consultant
David Kent to help evaluate the
situation. Fast forward to today and
David Kent now heads Genzyme
Security as Vice President of Global
Risk and Business Resources,
responsible for combined security,
risk management, and competitive
and technical intelligence.
Supporting Mr. Kent in the mission
of a business-based approach to
security and risk management is
Bhavesh Patel, Senior Director of
Global Risk and Business Resources.
The mission of Genzyme Security
is to protect both the tangible and
intangible assets of the enterprise
including brand, reputation, people,
monetary, data and facilities. To
achieve this goal, Genzyme security
takes an active role in identifying
and managing both rewarded and
unrewarded risks:
Rewarded risks to increase
growth and stakeholder value,
including new markets, new
products and services, new
business models, and new
partnerships
Unrewarded risks to protect
the organization against potential
monetary loss, including security
breaches, destruction or theft of
both tangible and intangible assets,
destruction of brand and reputation,
and the risk of noncompliance with
regulatory bodies
Genzyme Security manages risks
in an intelligent manner, through
a continuous life-cycle approach
from R&D, to manufacturing, to
distribution Security is involved
every step of the way to create
and preserve value. The Security
team has developed common,
unified security policies, processes
and practices which serve as the
framework for the management
and mitigation of risks across all
Genzyme business groups. One
factor that drives their success is
building risk management into the
foundation of every process.
Today, security is an integral part of Genzymes
culture. But the road to where they are today took
time and dedication to construct, and is paved by
their many accomplishments. From overseeing the
integration of security components into the design and
construction of the companys corporate headquarters,
to implementing a universal card access system, the
list of accomplishments is exhaustive and has served
to build their credibility at the board and c-suite level.
Credibility is born not only by our accomplishments, but
also by our communicating trust and value, says David
Kent, who is an active participant in executive-level
security strategy and risk assessment discussions. We
have changed the perception of security being seen only
as a tactical function to one where it is part of strategic
planning across all business processes.
Integrating technology and analysis to streamline decision making
The keystone of a successful ERM program is integration
in the form of improved intelligence sharing and
collaborative decision making across business operations.
Always with an eye towards continuous process
improvements, Genzyme Security looks to technology to
help them improve intelligence sharing and streamline
decision making. Genzyme utilizes the NC4 Risk Center
solution for notifications of global all-hazards incidents
that could pose a risk to their enterprise. NC4 helps
them in their efforts of improving their capabilities for
monitoring, gathering, analyzing, reporting, escalating
and responding to risks. As a result, they are in a better
position to deliver actionable business intelligence to the
enterprise. In the blueprint stage of defining business
processes, we consider what technological innovations
are available that can help us to streamline that
process, says Mr. Patel. The function of streamlining a
process is to ultimately save the company money we
want to work smarter not harder. We work with many
technologically savvy companies such as NC4. What
sets NC4 apart is that not only do they have superb
technology, but they also listen and react to their
customers needs.
In their state-of-the art Cambridge, MA facility, their
Security Service Center (SSC) combines physical and
IT security in one space, monitoring both information
networks and physical perimeters. NC4s global map
display has been integrated into their daily SSC
monitoring processes and is front and center in the
SSC, showing incidents being reported on by the NC4
International Monitoring Centers. Full details for each
incident can be further analyzed by clicking on the
associated incident icon. When an incident occurs
within a specified proximity to a Genzyme facility, the
icon on the map to indicate that location is highlighted
with pulsing red circles. This visual queue helps bring
immediate awareness that there is an incident that could
potentially be of higher risk to Genzymes enterprise.
Prior to subscribing to the NC4 service,