Challenge
Bio-Rad had just added emergency-notification capabilities to its business continuity efforts when it was hit by a ransomware attack. The ability to get the word out quickly – in the middle of the night, in this case – saved the company significant expense in terms of lost time for recovery and prompted it to upgrade its entire business continuity program.
Bio-Rad is a global leader in developing and manufacturing a wide range of products for life sciences and clinical diagnostics. With more than 160 locations in 20+ countries around the world, the company wanted to be more proactive in protecting its complex manufacturing process – and the business as a whole – from any type of disruption.
“The ransomware attack raised awareness that we needed something more in place to keep the business up and running,” explains Doug Fleming, senior director of environmental, health, safety, business continuity, and sustainability at Bio-Rad. “The success of the emergency notification system really resonated with our executives, which made the business case for a more robust business continuity program relatively easy to make. We wanted to do it right.”
Solution
Bio-Rad turned to Riskonnect’s Business Continuity & Resilience software to add structure, consistency, and accountability to its global resilience efforts. The software automates routine tasks like collecting and updating information, documenting approvals, sending reminders, and compiling reports. Everything is conveniently stored in one centralized location. Files are automatically updated and synced every night.
The software is intuitive for even the most casual user – which was especially important to Bio-Rad. Executives and other stakeholders can log in to the system with single sign-on capabilities. A list of tasks and plan details are accessible from anywhere via a mobile app.
Bio-Rad worked with Riskonnect’s Business Continuity & Resilience Managed Services team for help building a comprehensive program around the globe.
To kick things off, Bio-Rad established a steering committee comprised of senior leaders in global supply chain and commercial operations, as well as functional support areas like facilities and IT. The committee – together with the Riskonnect team – first looked at the high-level impact of downtime on internal people and processes, customers, and the market.
The next step was to conduct a business impact analysis to define how the business operates. The Riskonnect team met with each department and location to understand the processes and time sensitivity, categorize impacts (like financial, supply chain, and patient health), and inventory resources required to perform the work (like suppliers and equipment).
The team also analyzed the impact of downtime and linked that to specific products and services. The BIAs helped them test the process and make adjustments.
Results
Bio-Rad can now see what a disruption would look like for the business holistically – as well as locally.
Every Bio-Rad location and department has a current business continuity plan that aligns with its operational and strategic goals. One hundred percent of the plans have been approved by the process owner, and plans are automatically kept up to date. Any new sites or acquisitions can be easily absorbed into the program. Streamlining the process and adding automation reduced the administrative burden by approximately 75%.
For the first time, Bio-Rad had quantifiable data to validate risks that were previously suspected but unconfirmed. The program also revealed gaps between what people thought would happen and what would actually happen. In one exercise, executives estimated downtime as a couple of weeks, while IT put that at months. “We were never able to make that connection before,” notes Fleming.
Bio-Rad executives were enthusiastic from the start. Nearly all have the Riskonnect app on their phones where they can instantly review plans, see tasks, and track recovery status. Plant managers and department heads also have been very participative – and the company is expanding training to involve others deeper in the organization. The steering committee will continue to act as a sounding board as conditions evolve.
Fleming is confident that the company’s response will be organized and effective next time a disruption occurs. “Riskonnect is so easy to understand, and the mobile app and single sign-on capabilities offer a huge advantage,” he says. “When everything is hitting the fan, the last thing you want to do is wrestle with your system. Even if the power is out, we still have all of the plans in our pockets.
“Business continuity is not just a piece of paper. With Riskonnect, we have real plans for keeping the business up and running.”
For more on doing resilience right, check out Riskonnect’s Business Continuity & Resilience solution.
