GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation will cover: How Pfizer Inc. manages and implements business continuity on a global level ensuring best practices and alignment of plans throughout the R&D Division.
Agenda Introductions BCM Overview Critical Processes Pfizer BCM Methodology Site to Global Transition Management Structure Business Resilience Model Case Study Q & A Pfizer Research & Development Business Continuity Network MEMBER Nick Berry, CMIOSH Wynell Bradley-Craig, ABCP Todd M. Frechette, ABCP Charles Geraci, ABCP Eric Knight, CBCP Darrell McCoy, ABCP LOCATION Europe, Middle East, Africa North America West Area North America East Area and Global R&D Division Lead North America West Area North America East Area La Jolla, CA
Business Continuity Management Pfizer Definition Business Continuity is the ability of an organization to perform critical business processes,,p protect critical assets,,provide service and support for its customers and to maintain its viability as a business before, during, and after an emergency or other disruptive incident Business Continuity Management (BCM) enables an organization to develop viable, sustainable recovery strategies to respond to business interruptions and ensure continuity of services at acceptable levels BCM Overview Why does Pfizer need BCM? Major disruptions can come unannounced and can affect any of Pfizer's sites and critical business activities anywhere around the world Pfizer must take preventive actions to mitigate risk and address vulnerabilities with appropriate recovery strategies and documented plans In the event of a disruption, Pfizer must have a BCM program to: Ensure critical business processes can be performed to: Ensure personnel and patient life safety Develop and deliver our products Maintain legal and regulatory compliance Maintain revenue stream and competitive position Ensure the protection of brand and reputation
Defining a Critical Business Process What is a Critical Business Process? At Pfizer, any activity that is assessed as having an intolerable (medium) impact on the corporation within 14 days is considered critical. If the work can be left un-done for 14+ days, without any serious consequence or intolerable impact on the company, it is probably not a critical business process. Example: Financial Impact Scale Descriptions Not Applicable No Financial Impact Not Quantifiable Not Quantifiable Low Medium High Very High Catastrophic $1 million USD > $1 million - $10 million USD > $10 million - $50 million USD > $50 million - $250 million USD > $250 million USD Pfizer BCM Methodology Overview The Pfizer Business Continuity Management (BCM) methodology consists of a six phase process
1. Initiate the BCM Program Purpose Educate BCM leaders, site/line management and stakeholders on BCM program Understand the current state of BCM readiness Deliverables Current State Assessment Project Plan 2. Conduct Business Impact Analysis & Risk Assessment Purpose Assess the financial and operational impacts of a business disruption Identify critical ca business processes, recovery e time objectives es (RTO s) and dependencies Assess potential threats to business processes and sites Obtain risk management decisions Deliverables Business Impact Analysis (BIA) RTO Assessment Interdependency Mapping Business Process Risk Assessment Site Risk Assessment Risk Management Decisions
3. Select Recovery Strategies Purpose Determine viable recovery strategies for BETH3 impacts Loss of Building Loss of Equipment Loss of Technology Loss of Human Resources Loss of 3 rd Party Vendors Present recommendations and obtain management approval Deliverables Recovery Strategy Options Alignment with IT Disaster Recovery Plans Recovery Strategy Decisions 4. Document Plans Purpose Develop a business continuity plan documenting recovery procedures Approve plan Develop additional plans for site support and implementation as needed Deliverables Alignment with Emergency Response and Crisis Management Plans Site Business Continuity Plan Implementation Plan
5. Train, Exercise & Distribute Plan Purpose Train team members on their responsibilities as described in the business continuity plan Exercise the plan to validate recovery procedures and notification process Distribute plan to all team members Deliverables Documented emergency notification exercise Documented tabletop exercise Evaluate, improve, and distribute Business Continuity Plan 6. Maintain Plan & Improve Capabilities Purpose Maintain, update and re-distribute plans regularly and upon significant business change Conduct exercises of increasing complexity Periodically assess and improve recovery capabilities Deliverables BCM updates Distribute BC plans BCM exercise program
Pfizer Methodology Overview A Globalizing Organization Becoming a site-less organization: Pfizer R&D has transitioned from a traditional sitebased organization to a global organization Many Business Lines within the R&D Division conduct the same work (processes) at multiple locations Business Continuity Methodology Transforms Resources are focused to maximize return Perform one BIA for a business line at four (4) locations, rather than performing four (4) separate BIAs for the same business line. Global BIA with Local Recovery Plans (A Glocal Business Continuity Plan) Perform a BIA for the Global Business Line Develop recovery plans for each local site, based upon the BIA priorities
Pfizer R&D BCM Network Purpose of BCM Network: Ensure alignment of BCM programs across Pfizer R&D sites Highlight and share best practices Sharing of information (training materials, exercises, ideas) Representation from each R&D Site Participation from Corporate BCM group Coordinate Implementation of Business Continuity Planning across R&D BCM Network members coordinate site BC planning with key stakeholders Pfizer Approach to BCM (Management Driven Top-Down Approach) Corporate Governance Team (Executive Representation from each Division) Divisional Oversight (Executive BCM Sponsor and BCM Leader) Business Line A (BCM Sponsor & Leader) Business Line B (BCM Sponsor & Leader) Plan Plan Plan Plan Plan Plan Owner Owner Owner Owner Owner Owner Site 1 Site 2 Site 3 Site 1 Site 2 Site 3 Site BCM Leaders (Coordinate all Business Continuity Management across a Site)
Overview of BCM Roles at Pfizer Corporate Headquarters Center of Emphasis Provides Standards, Methodology, and Training Corporate BCM Governance Team Coordination of BCM Implementation Plans across the Corporation Divisional Sponsor and Leader BCM Leader implements the program across the division Business Line Sponsor and Leader Provides sponsorship and strategic guidance for BCM program across a global business line Plan Owners Responsible for development, approval and on-going maintenance of BCPs; Typically an SME for a critical business process Site BCM Leaders Coordinates and manages BCM implementation, maintenance and operations across a site The Pfizer Business Resilience Model Emergency Response: The immediate response to an emergency, focusing on protecting life and property. Crisis Management: The overall coordination of an organization s response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization. Business Continuity: The ability to continue critical business processes and to protect critical assets during outages or business disruptions and to manage the return to business-as-usual operations. Disaster Recovery: Activities designed to restore information technology (IT) systems, including hardware, applications and telecommunications systems from outages.
Case Study: Putting principles into practice Global BCM Methodology R&D BCM Network Globalizing Business Continuity Integrated Resilience Strategy Location: St Louis R&D Site Critical Process: Global Import & Export Novel samples Clinical trial materials Hazardous substances Heavy snow event Blizzard conditions expected in 24 hours Second blizzard forecast for 48 hours later Response & Recovery Emergency: Site closure / access to critical colleagues Crisis management: Coordination of Pfizer response Business Continuity: Local and global recovery strategy Stop / Hold / Return / Re-distribute Shared learning's Debrief to BCM network Contact Information
Contact Information Thank You Q & A