When the world started hearing rumblings of a virus with potential global scale late in 2019, Corning Incorporated was already aware of the situation and planning had begun.
“We had people on the ground in Wuhan (China), and one of our people in the security group called and said, ‘We are hearing of a virus and this could be a potential concern,’” recalls Matt Estep, Manager, Risk and Resiliency at Corning.
With more than 180 locations and close to 50,000 employees around the world, global materials science innovator Corning could have experienced a significant impact to operations once COVID-19 caused all-encompassing shutdowns. But it didn’t. In fact, not only was Corning management able to put its pandemic response plans in place largely seamlessly, but because of the company’s highly integrated and tightly coordinated response — the backbone of which was led and continues to be led by Corning’s Global Security division — the company has been able to continue operations, ensure the safety of its employees, and coordinate an even larger effort to help its surrounding communities, healthcare facilities and hospitals during this time as well.
At the center of much of Corning’s pandemic response sits a group of experts tasked with leading the corporate crisis response efforts, deploying technical and operational support teams worldwide, and protecting the collection and use of the personal information related to its employees. Within Corning’s four walls, these teams, all components of Corning’s Global Security division include the risk and resiliency group, the operations and technology group, and the data privacy group. Driven by the company’s longstanding values, this trifecta propelled Corning throughout the pandemic.
Estep’s risk and resiliency group includes two main units: the global security operations center (GSOC), which is responsible for 24/7 global incident monitoring, and business continuity, which maintains the company’s corporate crisis response plan (CCRP).
The operations and technology group led by Tim Williams, Manager, is responsible for Corning’s physical security globally, including guarding, access control and other asset protection technology. The team also supports Estep’s group, Corning’s investigations and compliance groups, along with all other groups under Global Security.
Blanketing Corning’s pandemic response framework is the data privacy group led by Rosemary Martorana, CSA Manager and Chief Privacy Officer. Throughout the crisis, the data privacy team instituted appropriate and proportionate safeguards needed to collect, process and use employee data to better understand where and how pandemic response processes and technologies were being deployed within Corning, as well as met any mandatory regulatory reporting requirements.
When it became clear that Corning operations would be impacted, the teams went into action. Because the company had its agnostic response plans tested and in place already, Williams says that this enabled the company to focus on the minutiae specific to COVID-19 and the constantly evolving situation, including sourcing personal protective equipment (PPE) and other materials, handling contact tracing and building occupancy, providing medical care for employees in need, and more.
Stepping into Action
One of the first actions the teams took was coordinating with Corning’s travel department, as well as local governments in many cases, to ensure that employees and contractors were able to make it home safely. The security teams began notifying its expatriates, contractors and travelers that city and country-wide shutdowns were imminent and to get on the next flight possible to go home.
“In some cases, we had to negotiate through our government and [other countries’] governments to get our employees home,” Williams says. Global Security’s ongoing investment in building relationships with U.S. diplomatic security officials around the world proved to be invaluable to gain a real-time understanding of risk conditions in Wuhan in the early days of the pandemic. “Corning’s membership in the Overseas Security Advisory Council allowed our operational and risk teams the ability to operate with better insight in the fluid risk environment,” Williams adds.
Once employees were home or quarantined, the security teams coordinated medical care and supplies. For example, a number of employees in Wuhan had to quarantine in hotels that in some cases lacked access to basic necessities due to supply chain disruptions. “We used some of our security contacts in China to bring them supplies and get them what they needed,” Estep shares. When groups of American employees made it back to California from abroad, the teams coordinated the transportation logistics, briefed the returnees on what to expect throughout the repatriation process and actively tracked them throughout their journey to ensure that everyone made it safely to their final destination.
Creating a War Room
At the same time that the company was ensuring employees were safe, Estep’s team mobilized a war room that had 24/7 global communication links and included people from every functional area within the company, including the GSOC, data privacy, IT, security operations, legal, human resources, global supply chain management, corporate real estate, corporate communications and more.
“We made sure every functional area was identified and represented in the room, and it really enabled quick communication, quick collaboration and quick elevation of serious issues that needed support,” Estep says. A separate executive war room led by Steve Harrold, Corning’s global security division Vice President, and Dr. Michael Lappi, Corning’s Chief Medical Officer, was also created to tackle major issues or concerns such as medical services, crisis response oversight and other employee-wide stressors or factors that needed to be addressed. In the early days at the height of the pandemic crisis, Corning’s Corporate Crisis Response Team met up to three times a day. Once all employees shifted to work from home, the company shifted to a virtual war room without missing a beat.
“We were still pulling together people out of functional areas that hadn’t necessarily dealt in a crisis situation before, but because we had the rules in place and the communication set up, these relationships quickly became a well-functioning tool that helped at every level of the company,” Williams says.
While all this was taking place, the data privacy team and Corning’s law department partnered in the background to ensure necessary protections were in place to limit collection, use and exposure of Corning employee data. “We recognized early on that different groups throughout the company would be required to handle sensitive personal data to keep our workforce safe,” Martorana says. “Our goal was to ensure we had the appropriate controls in place to do this. Despite finding ourselves in extraordinary circumstances, we had to ensure we were centering our efforts around our regulatory framework.”
Early on, the global operations and technology team anticipated that remote work was going to be the case globally. In preparation, Williams and his team alerted IT teams to begin putting in place the necessary upgrades, VPN bolstering and equipment that would ensure employees could be remotely connected without restraint. For employees that didn’t already have the necessary equipment to work from home, the teams coordinated equipment to allow them to do so.
Though the majority of Corning’s global non-manufacturing employees shifted to working remotely, all of the company’s manufacturing locations were deemed essential by government mandates and were able to remain open for necessary operations. The security teams worked together with its global supply chain and manufacturing partners to ensure PPE and other supplies were available so operations could safely continue without major disruptions.
Furthermore, these mandates came with screening requirements. For example, in New York State, employees must attest to a series of personal health-related questions before entering the building and responses must be reviewed to ensure compliance. “The task now becomes protecting that data, limiting its application, and disposing it accordingly,” Martorana says.
Working with the Chief Medical Officer and other internal stakeholders, the team facilitated the creation of a process and an internal software platform for contact tracing. “People were our first and foremost important focus,” Estep says. “We needed to know who was falling ill and who they were in contact with. At the time, we didn’t have something in place that could do this.” The company has also used its contact tracing capability to ensure that the medical services team can follow up with employees who have fallen ill to make sure they are getting the care they need. Estep adds that on the process side, Corning wanted to enable sites to monitor and screen employees and third parties coming in and out of its physical sites.
“The trick here was applying ‘privacy by design,’” says Martorana. “Meaning we needed to integrate privacy principles into the creation and use of the contact-tracing platform while also complying to regional and country requirements.”
All of the company’s steps to the pandemic have been conducted with Corning’s core values in mind. “Corning has core values that we operate under from the CEO on down,” Estep says. “We focus on the impact on our employees, the impact on operations and our customers, and then the impact on our community and how we can help. Those three categories were addressed every time we met.”
Thanks to Corning Global Security’s unified efforts, the corporation as a whole has been able to live its values and focus on the continued advancement of those key areas of people, processes and community, while allowing the company to be responsive to the pandemic in a very strong way and setting it up to handle any future incidents or responses small or large. “COVID-19 will be around in the foreseeable future so the tools, processes and response capabilities that we’ve established need to be sustained,” Estep says.