As an industry professional, you're eligible to receive a printed copy of the journal.

Fill out your address below.






Please reset your password to access the new DRJ.com
Reset my password
Welcome aboard, !
You're all set. We've send you an email confirmation to
just to confirm you're you.

Welcome to DRJ

Already registered user? Please login here

Existing Users Log In
   

Create new account
(it's completely free). Subscribe

 

 

In 2018, pharmaceutical giant Novartis logged $44 billion in net sales to 750 million customers. Novartis needs a lot of outside help to manufacture, market, sell, and distribute its goods and services—namely, more than 80,000 third-party vendors in 155 countries.

The scope of its multinational operation is massive. So is the pressure from executives, shareholders and regulators to ensure security across a huge swathe of risk areas, according to Naveeda Mukhtar, Solution Design Lead, ServiceNow Business Solutions at Novartis. These include human rights and worker safety, IT security and data privacy, environmental laws, anti-bribery safeguards and more.

Speaking at a Knowledge 2019 breakout session in Las Vegas, Mukhtar outlined the risk management challenges facing Novartis: “How can we unify the process for all of our risk areas? How can we follow the same framework?” Flexibility is also crucial, she noted, as pharma industry regulations are constantly changing.

To meet those challenges, Novartis adopted ServiceNow’s Vendor Risk Management application in 2018. The primary strength of ServiceNow, Mukhtar explained, is its end-to-end process framework, which has helped eliminate fragmentation across workflows and regions while making risk management simpler and more scalable.

It’s also a forward-looking solution, Mukhtar said. “An end-to-end process lines us up for the future,” she told attendees. “It enables AI automation going forward.”

Multi-team collaboration

For Novartis, third-party risk management (TPRM) requires close collaboration between three core teams: the TPRM strategic team (which acts as a governing body), the service delivery team (which performs risk assessment and supports implementation); and the risk functions (which monitors whether third-party risk policies are being delivered as required).

Due to the enormous scale of Novartis’ risk-management operations, the company started small. Novartis initially rolled out ServiceNow in just one country, Mexico, in early 2018.

Early indicators of success, such as measurable cost reductions—the company is not making specific cost-savings metrics public yet, Mukhtar said—have spurred the company to expand this implementation globally in 2019 and beyond.

That’s not to say it has been an easy road. Mukhtar notes that it took customization (such as third-party questionnaire configuration and vendor portal functionality) to tailor risk monitoring tools and documentation processes for Novartis’ complex needs.

“Because we were one of the early adopters, we probably suffered more than others will,” Mukhtar explained. “We were guinea pigs, but overall it went very well.”

Mukhtar also shared a few recommendations for other large organizations looking to leverage ServiceNow’s Vendor Risk Management application on a large scale. First, project managers need to secure senior leadership buy-in and support from the outset. Second, they need to prepare well in advance of implementation by learning the tool’s out-of-the-box capabilities and determining where customization is needed. Third, they should enlist the support of the IT delivery team.

Lastly, Mukhtar said, customers need to forge a real partnership with ServiceNow in order to provide feedback and influence their roadmap for future product innovation. 

Six Tips for Legal Professionals in Disaster Recovery Planning
As businesses of all sizes adjust to ongoing recommendations from local, state and federal COVID-19 guidance, there needs to be...
READ MORE
ProjectManagement_03
10 Tips on How to Be a More Effective Business Continuity Planner
In business continuity, it is essential to be an effective communicator in order to effectively convey your plans and strategies...
READ MORE
A rose by any other name
We are called by many names, most of them polite. Alphabetically, we are Business continuity practitioners Disaster recovery practitioners Resiliency...
READ MORE
Preparing for an earthquake
A planner acquaintance was advised that a severe earthquake was imminent in his area. While the country in which he...
READ MORE