Genzyme Case Study

Risk Center ™
Genzyme’s approach
to security
Genzyme is one of the world’s leading biotechnology companies, dedicated to making a major
positive impact on the lives of people with rare disorders or life-threatening diseases.
Security as an Integral Part of an Enterprise
Risk Management (ERM) Program
Threats know no organizational boundaries. Security breaches can be targeted at
any part of an organization and can quickly impact stakeholder value. Up-the-ante
when you factor in globalization. Protecting your brand, reputation, intellectual
property, supply and distribution chains, customer relations, and employees requires
a coordinated response by both the traditional brick and mortar security operations
and the information technology professionals. However, achieving a coordinated
response within the traditional physical and cyber security silo structures is a
challenge, and can prevent a truly integrated view of an organization’s overall risk
position. For an organization to have a full understanding of risk interdependencies
across the enterprise, physical and IT security need to be converged into an
Enterprise Risk Management focused program. An ERM approach to security will
ultimately target and eliminate gaps and redundancies to reduce vulnerabilities and
increase stakeholder value.
The shift from silo-based security to an enterprise approach
Time is the greatest teacher. Over the past ten years, time has taught that the silo
approach to mitigating risks to the organization is inadequate and presents
inefficiencies in the protection of the enterprise. By combining physical and IT security,
an organization is in a better position to understand their overall risk position.
The last decade has seen a
shift in the security arena,
from a traditional focus on
physical security operations
towards a focus on the
fusion between physical and
IT security. The security
team at Genzyme has been
at the forefront of this shift
towards a holistic, businessbased approach to security
and risk management.
Genzyme Security has
implemented an integrated
and intelligent enterprise risk
management (non-finance)
framework designed to:
• Reduce vulnerabilities
and costs by eliminating
security gaps and
redundancies
• Identify, assess, analyze,
report and manage risks
within and across business
units
• Apply integrated risk
management practices
during the development
phase of all processes so
that security is built-in
• Improve decision making
by integrating technology
and analysis to provide
better intelligence on the
impact of risks to the
enterprise
• Increase stakeholder value
by training all business
units to reinforce the
importance of security
across the enterprise
About Genzyme, a
Sanofi company
Genzyme is one of
the world’s leading
biotechnology companies,
dedicated to making a
major positive impact
on the lives of people
with rare disorders or
life-threatening diseases.
Since 1981, the company
has grown from a small
start-up to a diversified
enterprise with more
than 11,000 employees
in locations spanning the
globe and 2008 revenues
of $4.6 billion.
With many established
products and services
helping patients in nearly
100 countries, Genzyme
is a leader in the effort
to develop and apply
the most advanced
technologies in the
life sciences. In 2007,
Genzyme was chosen to
receive the National Medal
of Technology, the highest
honor awarded by the
President of the United
States for technological
innovation.
Early in their evolution, Genzyme,
The mission of Genzyme Security
one of the world’s leading
is to protect both the tangible and
biotechnology companies,
intangible assets of the enterprise
recognized the need for a
including brand, reputation, people,
coordinated and integrated
monetary, data and facilities. To
approach to security, wanting a
achieve this goal, Genzyme security
framework that would allow them to
takes an active role in identifying
manage not only the risk to existing
and managing both rewarded and
assets, but also risks to all aspects
unrewarded risks:
of the organization that could
impact future growth. Realizing
that a traditional silo structure
would prevent a full understanding
of risk interdependencies between
business functions and processes
within the enterprise, Genzyme
Rewarded risks to increase
growth and stakeholder value,
including new markets, new
products and services, new
business models, and new
partnerships
implemented a security risk-based
Unrewarded risks to protect
program that encompasses physical
the organization against potential
security, information (including IT)
monetary loss, including security
and product security with business
breaches, destruction or theft of
continuity/crisis planning.
both tangible and intangible assets,
Genzyme: a benchmark
for success
destruction of brand and reputation,
In 1994, Genzyme experienced the
loss of intellectual property through
theft and brought in consultant
David Kent to help evaluate the
situation. Fast forward to today and
David Kent now heads Genzyme
Security as Vice President of Global
Risk and Business Resources,
responsible for combined security,
risk management, and competitive
and technical intelligence.
Supporting Mr. Kent in the mission
of a business-based approach to
security and risk management is
Bhavesh Patel, Senior Director of
Global Risk and Business Resources.
and the risk of noncompliance with
regulatory bodies
Genzyme Security manages risks
in an intelligent manner, through
a continuous life-cycle approach
– from R&D, to manufacturing, to
distribution – Security is involved
every step of the way to create
and preserve value. The Security
team has developed common,
unified security policies, processes
and practices which serve as the
framework for the management
and mitigation of risks across all
Genzyme business groups. One
factor that drives their success is
building risk management into the
foundation of every process.
Today, security is an integral part of Genzyme’s
sets NC4 apart is that not only do they have superb
culture. But the road to where they are today took
technology, but they also listen and react to their
time and dedication to construct, and is paved by
customer’s needs.”
their many accomplishments. From overseeing the
integration of security components into the design and
construction of the company’s corporate headquarters,
to implementing a universal card access system, the
list of accomplishments is exhaustive and has served
to build their credibility at the board and c-suite level.
“Credibility is born not only by our accomplishments, but
also by our communicating trust and value,” says David
Kent, who is an active participant in executive-level
security strategy and risk assessment discussions. “We
have changed the perception of security being seen only
as a tactical function to one where it is part of strategic
planning across all business processes.”
In their state-of-the art Cambridge, MA facility, their
Security Service Center (SSC) combines physical and
IT security in one space, monitoring both information
networks and physical perimeters. NC4’s global map
display has been integrated into their daily SSC
monitoring processes and is front and center in the
SSC, showing incidents being reported on by the NC4
International Monitoring Centers. Full details for each
incident can be further analyzed by clicking on the
associated incident icon. When an incident occurs
within a specified proximity to a Genzyme facility, the
icon on the map to indicate that location is highlighted
with pulsing red circles. This visual queue helps bring
Integrating technology and analysis to
streamline decision making
immediate awareness that there is an incident that could
The keystone of a successful ERM program is integration
Prior to subscribing to the NC4 service, the challenge of
in the form of improved intelligence sharing and
processing the enormous volume of intelligence around
collaborative decision making across business operations.
potential external threats was overwhelming. With the
Always with an eye towards continuous process
improvements, Genzyme Security looks to technology to
help them improve intelligence sharing and streamline
decision making. Genzyme utilizes the NC4 Risk Center™
solution for notifications of global all-hazards incidents
that could pose a risk to their enterprise. NC4 helps
them in their efforts of improving their capabilities for
monitoring, gathering, analyzing, reporting, escalating
potentially be of higher risk to Genzyme’s enterprise.
NC4 Risk Center solution, the volume of incidents is
narrowed to only those that are relevant to Genzyme’s
operations, freeing up valuable time to focus on further
analyzing the impact of the incident to make informed
decisions. As a result, Genzyme Security is able to
provide a better service to the enterprise. According to
Mr. Patel, “The NC4 Risk Center service is wonderful. The
quality of data we receive from NC4 can’t be emulated.”
and responding to risks. As a result, they are in a better
Incorporated into the ERM program at Genzyme is the
position to deliver actionable business intelligence to the
monitoring of risks associated with traveling employees.
enterprise. “In the blueprint stage of defining business
In early 2009, NC4 and TranSecur, the nation’s oldest
processes, we consider what technological innovations
continually operated provider of global travel security
are available that can help us to streamline that
information, announced a partnership to bring another
process,” says Mr. Patel. “The function of streamlining a
layer of situational awareness to their customers. As
process is to ultimately save the company money – we
a user of both NC4 and TranSecur products, Genzyme
want to work smarter not harder. We work with many
recognized that the combined strengths of both
technologically savvy companies such as NC4. What
technologies would further enhance their security
team’s ability to service the enterprise, improving their
risk management capabilities. The first phase of this
integration expanded NC4 Risk Center coverage with
detailed country risk analysis and is currently in use by
the Genzyme Security team. The next phase of the NC4
and TranSecur partnership will bring a tighter integration
between the two technologies, particularly around
TranSecur’s travel management application. TranSecur is
a leader in travel risk management, and the integration
with NC4 will allow TranSecur subscribers, like Genzyme,
to link directly to their real-time traveler information
directly from the NC4 map. In addition to incident icons
displayed on their NC4 global map, Genzyme’s Security
staff will be able to instantly see locations around the
world where they have active or pending travelers,
drill down to itinerary details, and determine if any of
those travelers are in harm’s way. The technological
enhancements of the NC4 and TranSecur integration
will provide Genzyme a more comprehensive snapshot
of global risks as well as another layer of intelligence
work smarter, not harder.”
What’s next for Genzyme on the technological front?
Mr. Patel is currently exploring the use of robots for one
of their warehouse facilities. While the idea of using
robotics in a warehouse facility is not new, Mr. Patel
plans to incorporate the use of video surveillance into
the robot. Genzyme Security currently monitors quality
control of production trains using video feeds. Taking
this to the next level, the warehouse robots will have
the added capability of mobility and will be able to be
driven anywhere in the warehouse facility. The video
feeds from the robots onboard surveillance cameras will
route directly back to the SOC for real-time monitoring
of the facility. “The technologies in the marketplace
today are limitless,” comments Mr. Patel, “but without a
process around the technology, it’s just a fancy gadget.
Technology must be integrated into business processes
to bring measurable and sustainable value to the
enterprise.”
to better manage travel risks. “This is the stuff I get
excited about,” says Patel, “combining two existing
technologies for a synergistic effect that enables us to
More About NC4
NC4 delivers safety and security solutions for both
business and government organizations. NC4
revolutionizes how organizations and communities
collect, manage, share and disseminate information
to reduce cyber threats, fight crime, mitigate risks
and manage incidents. NC4 also provides secure
communication and collaboration solutions for
public and private sector communities.
NC4 solutions are used in the public sector by
federal, state and local agencies in homeland
security, emergency management and law
enforcement disciplines. NC4 solutions are used in
the private sector by companies involved in
financial services, high-tech, insurance,
manufacturing, aerospace and defense, oil and
gas, pharmaceuticals and healthcare, as well as
other industries.
To learn more about how NC4 can benefit your
organization, visit www.NC4.com or call
877-624-4999 | +1-310-606-4444
100 N. Sepulveda Blvd.
El Segundo, CA 90245
877-624-4999 |
+310-606-4444 © 2016 NC4™