Implementing a Global Business

Transcription:

GLOBAL OPERATIONS
Implementing a Global Business Continuity Management Program
Disaster Recovery Journal Spring World 2010 Conference
Pfizer Inc.

Managing Business Continuity on a Global Scale

This presentation will cover: How Pfizer Inc. manages and implements business continuity on a global level, ensuring best practices and alignment of plans throughout the R&D Division.

Agenda
- Introductions
- BCM Overview
- Critical Processes
- Pfizer BCM Methodology
- Site to Global Transition
- Management Structure
- Business Resilience Model
- Case Study
- Q & A

Pfizer Research & Development Business Continuity Network

MEMBER                        LOCATION
Nick Berry, CMIOSH            Europe, Middle East, Africa
Wynell Bradley-Craig, ABCP    North America West Area
Todd M. Frechette, ABCP       North America East Area and Global R&D Division Lead
Charles Geraci, ABCP          North America West Area
Eric Knight, CBCP             North America East Area
Darrell McCoy, ABCP           La Jolla, CA

Business Continuity Management
Pfizer Definition

Business Continuity is the ability of an organization to perform critical business processes, protect critical assets, provide service and support for its customers and to maintain its viability as a business before, during, and after an emergency or other disruptive incident.

Business Continuity Management (BCM) enables an organization to develop viable, sustainable recovery strategies to respond to business interruptions and ensure continuity of services at acceptable levels.

BCM Overview
Why does Pfizer need BCM?

- Major disruptions can come unannounced and can affect any of Pfizer's sites and critical business activities anywhere around the world
- Pfizer must take preventive actions to mitigate risk and address vulnerabilities with appropriate recovery strategies and documented plans
- In the event of a disruption, Pfizer must have a BCM program to:
  - Ensure critical business processes can be performed to:
    - Ensure personnel and patient life safety
    - Develop and deliver our products
    - Maintain legal and regulatory compliance
    - Maintain revenue stream and competitive position
    - Ensure the protection of brand and reputation

Defining a Critical Business Process

What is a Critical Business Process?

At Pfizer, any activity that is assessed as having an intolerable (medium) impact on the corporation within 14 days is considered critical. If the work can be left undone for 14+ days, without any serious consequence or intolerable impact on the company, it is probably not a critical business process.

Example: Financial Impact

Scale             Descriptions
Not Applicable    No Financial Impact
Not Quantifiable  Not Quantifiable
Low               $1 million USD
Medium            > $1 million - $10 million USD
High              > $10 million - $50 million USD
Very High         > $50 million - $250 million USD
Catastrophic      > $250 million USD

Pfizer BCM Methodology Overview

The Pfizer Business Continuity Management (BCM) methodology consists of a six-phase process.

1. Initiate the BCM Program

Purpose
- Educate BCM leaders, site/line management and stakeholders on BCM program
- Understand the current state of BCM readiness

Deliverables
- Current State Assessment
- Project Plan

2. Conduct Business Impact Analysis & Risk Assessment

Purpose
- Assess the financial and operational impacts of a business disruption
- Identify critical business processes, recovery time objectives (RTOs) and dependencies
- Assess potential threats to business processes and sites
- Obtain risk management decisions

Deliverables
- Business Impact Analysis (BIA)
- RTO Assessment
- Interdependency Mapping
- Business Process Risk Assessment
- Site Risk Assessment
- Risk Management Decisions

3. Select Recovery Strategies

Purpose
- Determine viable recovery strategies for BETH3 impacts
  - Loss of Building
  - Loss of Equipment
  - Loss of Technology
  - Loss of Human Resources
  - Loss of 3rd Party Vendors
- Present recommendations and obtain management approval

Deliverables
- Recovery Strategy Options
- Alignment with IT Disaster Recovery Plans
- Recovery Strategy Decisions

4. Document Plans

Purpose
- Develop a business continuity plan documenting recovery procedures
- Approve plan
- Develop additional plans for site support and implementation as needed

Deliverables
- Alignment with Emergency Response and Crisis Management Plans
- Site Business Continuity Plan
- Implementation Plan

5. Train, Exercise & Distribute Plan

Purpose
- Train team members on their responsibilities as described in the business continuity plan
- Exercise the plan to validate recovery procedures and notification process
- Distribute plan to all team members

Deliverables
- Documented emergency notification exercise
- Documented tabletop exercise
- Evaluate, improve, and distribute Business Continuity Plan

6. Maintain Plan & Improve Capabilities

Purpose
- Maintain, update and re-distribute plans regularly and upon significant business change
- Conduct exercises of increasing complexity
- Periodically assess and improve recovery capabilities

Deliverables
- BCM updates
- Distribute BC plans
- BCM exercise program

Pfizer Methodology Overview
A Globalizing Organization

Becoming a site-less organization:
- Pfizer R&D has transitioned from a traditional site-based organization to a global organization
- Many Business Lines within the R&D Division conduct the same work (processes) at multiple locations

Business Continuity Methodology Transforms
- Resources are focused to maximize return
- Perform one BIA for a business line at four (4) locations, rather than performing four (4) separate BIAs for the same business line.

Global BIA with Local Recovery Plans (A Glocal Business Continuity Plan)
- Perform a BIA for the Global Business Line
- Develop recovery plans for each local site, based upon the BIA priorities

Pfizer R&D BCM Network

Purpose of BCM Network:
- Ensure alignment of BCM programs across Pfizer R&D sites
- Highlight and share best practices
- Sharing of information (training materials, exercises, ideas)
- Representation from each R&D Site
- Participation from Corporate BCM group
- Coordinate Implementation of Business Continuity Planning across R&D
- BCM Network members coordinate site BC planning with key stakeholders

Pfizer Approach to BCM (Management Driven Top-Down Approach)

Corporate Governance Team (Executive Representation from each Division)
  Divisional Oversight (Executive BCM Sponsor and BCM Leader)
    Business Line A (BCM Sponsor & Leader): Plan Owners at Site 1, Site 2, Site 3
    Business Line B (BCM Sponsor & Leader): Plan Owners at Site 1, Site 2, Site 3
Site BCM Leaders (Coordinate all Business Continuity Management across a Site)

Overview of BCM Roles at Pfizer

- Corporate Headquarters Center of Emphasis: Provides Standards, Methodology, and Training
- Corporate BCM Governance Team: Coordination of BCM Implementation Plans across the Corporation
- Divisional Sponsor and Leader: BCM Leader implements the program across the division
- Business Line Sponsor and Leader: Provides sponsorship and strategic guidance for BCM program across a global business line
- Plan Owners: Responsible for development, approval and on-going maintenance of BCPs; typically an SME for a critical business process
- Site BCM Leaders: Coordinates and manages BCM implementation, maintenance and operations across a site

The Pfizer Business Resilience Model

- Emergency Response: The immediate response to an emergency, focusing on protecting life and property.
- Crisis Management: The overall coordination of an organization's response to a crisis, in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization.
- Business Continuity: The ability to continue critical business processes and to protect critical assets during outages or business disruptions and to manage the return to business-as-usual operations.
- Disaster Recovery: Activities designed to restore information technology (IT) systems, including hardware, applications and telecommunications systems from outages.

Case Study: Putting principles into practice

- Global BCM Methodology
- R&D BCM Network
- Globalizing Business Continuity
- Integrated Resilience Strategy

Location: St Louis R&D Site

Critical Process: Global Import & Export
- Novel samples
- Clinical trial materials
- Hazardous substances

Heavy snow event
- Blizzard conditions expected in 24 hours
- Second blizzard forecast for 48 hours later

Response & Recovery
- Emergency: Site closure / access to critical colleagues
- Crisis management: Coordination of Pfizer response
- Business Continuity: Local and global recovery strategy
  - Stop / Hold / Return / Re-distribute

Shared learnings
- Debrief to BCM network

Contact Information Thank You Q & A