The Cure for Security Inconsistency

Genzyme, a Sanofi company, may specialize in rare diseases, but its security team of Marvin Washington, Dave Kent and Bhavesh Patel has made integrating disparate systems their specialty


Patel, in fact, was an initial member of the supplier’s “End-Users Group.”

The more difficult challenges, though, were not technical, but rather geo-political. Since security went global before HR did, it encountered numerous privacy issues at international locations. Regulations such as when video could be recorded and the length of time transactional data could be kept were negotiated with each entity (nearly 50 in all) on an individual basis. To be sure, the intangibles of trust, fear of corporate oversight, and individual personalities complicated these negotiations, but collaboration and good sense won out.

 

Acquisition Complications

Fast forward to 2011, the year of Sanofi’s acquisition — by then, Genzyme’s processes, procedures and measurement had been so well-tuned that the Global Risk Group operated like a separate business unit. It kept its own financial data encompassing costs and positive contributions; in fact, security considerations had become one of the baseline criteria for many business decisions.

“Prior to the acquisition, we knew Sanofi and its integration history well, and were concerned that the value of our program might be overlooked,” Kent says.

Life usually changes dramatically for a company when it is acquired, but Sanofi Senior management in Paris and North America immediately saw the value of Genzyme’s integrated security platform, seeing the potential value of a combined program. Sanofi’s global head count, at more than 100,000, is ten times the size of Genzyme’s, and Sanofi’s additional acquisitions of animal healthcare company Merial (2009) and consumer products company Chattem (2010) had created a situation where 15 different access control systems and a like number of video management systems were operating across North America, encompassing nearly 10,000 card readers and more than 5,000 video cameras.

Kent was named Sanofi Head of North American Security and his group was empowered to be the catalyst for change. Fortunately, each entity already had a professional security staff, setting the stage for meaningful and collaborative integration post-acquisitions. A significant piece of the Sanofi integration was tying together these previously independent programs into a cohesive North American security team, which included Marvin Washington, Director of North American Security Operations, and his Security Operations team.

Using Kent’s template for successful integration, a primary task was to whittle down 15 access control systems to three; however, it was not just about access control — the challenge was multi-faceted. “Sanofi’s portfolio of companies in North America — with more than 20,000 employees and 135 locations — faces a diverse set of current and emerging security risks,” Kent says. “Our challenge is to align our programs, services and systems in a way that enables the business to operate securely.”

 

First In on PSIM

Even before being acquired, Kent and his team at Genzyme had begun to think about its multiple security challenges, and in response had developed and deployed the Genzyme Event Manager (GEM), a system that today would be termed a “Physical Security Information Management” (PSIM) system. It handles an array of inputs and to provide security operators guidance on procedures to follow to resolve the alarm or event.

These inputs could be internal alarm-generated, or external, such as that from third-party situational awareness software or traveler software; however Sanofi is a pharmaceutical company, not a software company, and Kent says it was hesitant to develop and enhance a software product like GEM unless there was no alternative to meet its needs.

The alternative presented itself in SureView Systems, which, with its roots in alarm monitoring software, had recently broadened its product line to extend alarm management into security information management. Its Immix software platform, unlike GEM, is a .NET web-based system, requiring no client software to be installed on operator or supervisor PCs. The system consolidates all monitoring activities from any source including video surveillance, access control intrusion, two-way audio and GPS alarms.