Pfizer

CoCo

Hybrid-Cloud, Multi-Tenant Governed AI Platform for Enterprise Knowledge & Onboarding

Problem
1,000 new hires across 20+ fragmented systems with 40% MLR rejection rates
Solution
Governed RAG platform reducing cycles by an estimated 65%, tripling throughput, with projected annual savings of $2.08M
CoCo AI Platform
65%Faster MLR cycles (est.)
Throughput increase (est.)
$2.08MEst. annual savings
~1,000Staff onboarded

This case study is sanitized for confidentiality. Certain figures, labels, and diagrams are representative but structurally faithful to the engagement.

1,000 new hires. 12 weeks. 20+ fragmented systems.

Pfizer split its marketing business between IPG and Publicis right before peak vaccine season. Publicis inherited Paxlovid, Abrysvo, and Comirnaty—and needed to scale from zero to nearly 1,000 staff in weeks.

I embedded with Pfizer, Publicis, and IPG for two weeks before writing any code. Shadowed content producers. Sat with MLR reviewers. Mapped the actual workflow.

What I found: staff spent 25+ minutes per asset just searching for approved templates and prior claims. 40% of MLR submissions were rejected—not for content issues, but for using wrong templates or outdated claims.

25+min to find one asset
40%MLR rejection rate
20+disconnected systems
Before → After Transformation
Search Time96%
25min
1min
MLR Rejection88%
40%
5%
Systems to Search95%
20
1
Onboarding Time92%
90days
7days
Rework Rate77%
35%
8%

MLR Content Pipeline — Before CoCo

Only 20% of content requests made it through to approval, with 40% rejected at first review due to template and claim errors.

Content Requests: 1.0K (100%)1.0KContent Requests100%Initial Draft: 720 (72.0%)720Initial Draft72.0%28.0%MLR Submission: 580 (80.6%)580MLR Submission80.6%19.4%First Review: 420 (72.4%)420First Review72.4%27.6%Revisions: 340 (81.0%)340Revisions81.0%19.0%Approved: 200 (58.8%)200Approved58.8%41.2%
Total Visitors:1.0K
Conversions:200
Overall Rate:20.00%

CoCo: a hybrid-cloud, multi-tenant governed AI platform for enterprise knowledge.

CoCo—"Company Companion"—is embedded in Microsoft Teams. Instead of searching 20 systems, employees ask CoCo. It retrieves approved content, answers policy questions, and guides new hires through processes—with citations back to source documents.

The operating environment was Azure-native for collaboration, identity, and enterprise content access: Azure ML + AKS for the pipeline, Cognitive Search for hybrid retrieval, Graph-RAG for relationship mapping across brands and regions. The platform architecture followed portable control-plane patterns aligned with Amazon Web Services (AWS) for agent orchestration, validation, and observability.

Every model output was treated as an untrusted artifact. Before any response surfaced to users or triggered downstream workflows, it passed through a validation layer: schema enforcement, citation verification against approved sources, policy checks aligned to MLR rules, and confidence thresholds. Outputs that failed validation were blocked, routed for clarification, or escalated—ensuring the system behaved predictably and prevented non-compliant content from entering production workflows.

LayerPrimary PlatformRole
Collaboration & IdentityAzure / MicrosoftTeams interface, Entra ID, document access
Retrieval & Tenant ContextAKS + Azure AI SearchTenant-aware indexing, hybrid retrieval, content boundaries
Agent Control PlaneAWS-aligned patternOrchestration, validation gates, tool invocation, observability
Systems of RecordMixed enterpriseVeeva Vault, SharePoint, Workfront, CLM, regional drives
Audit & EvaluationCross-cloud patternExecution traces, policy logs, drift monitoring, replayability

Multi-tenancy was enforced across brand, region, and partner boundaries—ensuring each tenant had isolated retrieval scope, policy rules, and audit trails while sharing a common platform control plane.

User asksRetrieveGenerateCite

Sources: Veeva Vault · SharePoint · Workfront · CLM · Regional Drives

Data Integration Architecture
Veeva Vault
SharePoint
Workfront
CLM
RAG Engine
Embed → Index → Retrieve
MLR GateAudit
MS Teams
With Citations

CoCo System Context (C4 Diagram)

The MVP integrated with six primary platforms while abstracting over a broader fragmented ecosystem, all through a single conversation interface via Teams.

Loading diagram...

CoCo Governed Agent Workflow

End-to-end orchestration from user prompt through tenant-aware retrieval, MLR validation gate, and audit. Apache Airflow DAG on Amazon EKS.

CoCo Governed Agent Workflow

User asks in Microsoft TeamsAssign trace ID and tenant contextbrand · region · agency · roleBuild tenant-safe retrieval scopeRetrieve approved contentVeeva Vault · SharePoint · Workfront · Claims LibraryMap brand and region relationshipsGraph-aware retrieval contextQuery claims and templatestyped tools and internal APIsSynthesize response candidategrounded answer with citationsRun MLR policy checkfair balance · approved claims · blocked contentValidation gatepassuncertainfailDeliver to Microsoft TeamsRoute for clarificationEscalate to human reviewSchema validCitations presentPolicy passedTenant scope validConfidence highMissing citationsLow confidenceIncomplete structurePolicy blockedTenant boundary violationMLR failureWrite audit recordtrace logs · policy result · citationsEvaluation and feedback loopdrift monitoring · replayability · retrieval tuning

CoCo treated every model output as an untrusted artifact. The agent could retrieve, synthesize, and recommend, but nothing surfaced to users until it passed tenant-aware retrieval boundaries, citation checks, MLR policy gates, and confidence thresholds.

Security & Compliance Architecture

Defense-in-depth model designed to align with enterprise security and regulated-content control requirements, including controls relevant to HIPAA, SOC 2, and FDA 21 CFR Part 11 environments.

CoCo Security & Compliance ArchitectureEnterprise-grade data protection aligned with regulated-content control requirements1Perimeter SecurityNetwork edge protectionAzure WAFDDoS ProtectionGeo-filtering2Network SecurityInternal network controlsVNet isolationNSG rulesPrivate endpoints3Identity & AccessAuthentication and authorizationAzure ADRBACMFA4Application SecurityCode and runtime protectionAPI validationInput sanitizationOWASP Top 105Data ProtectionEncryption and maskingAES-256 at restTLS 1.3 in transitPII redaction6Audit & MonitoringLogging and alertingAzure MonitorLog AnalyticsSIEM integrationCertificationsSOC 2 Type II (aligned)HIPAA (relevant controls)ISO 27001 (aligned)FDA 21 CFR Part 11 (relevant controls)Security MetricsIncidents (12mo)0Audit Findings0Pen Test ScoreA+Compliance100%Defense-in-depth model: Each layer provides independent protection. Outer layers protect inner layers.

Disaster Recovery & Business Continuity

Composite operational profile based on production targets and observed ranges. Multi-region architecture with automated failover and tested recovery procedures.

RTO
2.5 hours
Target: < 4 hours
Met
RPO
15 minutes
Target: < 1 hour
Met
Failover Tests
Monthly
Target: Quarterly
Exceeded
Last DR Drill
28 days ago
Target: < 90 days
Met
DR Architecture
Primary Region: US-East
  • Azure AKS cluster (3 nodes)
  • Cosmos DB (multi-master)
  • Cognitive Search (standard tier)
DR Region: US-West
  • Hot standby AKS cluster
  • Geo-replicated storage
  • Traffic Manager failover
Tested Scenarios
ScenarioExpectedActualStatus
Single AZ failureAuto-heal <5min3 minutes
Region failureManual failover <4hr2.5 hours
Data corruptionPoint-in-time <1hr45 minutes

Implementation Timeline — 14-Week Program

From pre-discovery through full rollout stabilization, with key milestones and deliverables.

CoCo Implementation Timeline — 14-Week Program
W0W2W4Month 1W6W8Month 2W10W12Month 3W14Discovery2wArchitecture2wBuild & Integrate5wPilot2wFull Rollout2wKickoffArchitecture Sign-offMVP ReadyPilot CompleteGo-Live
Start
Checkpoint
Delivery
Go-Live
Phase Deliverables
Discovery
  • Stakeholder interviews
  • System mapping
  • Requirements doc
Architecture
  • RAG design
  • Integration specs
  • Security review
Build & Integrate
  • RAG pipeline
  • Veeva connector
  • Teams bot
  • MLR gateway
Pilot
  • 200 user pilot
  • Feedback loops
  • Performance tuning
Full Rollout
  • 1,000 users
  • Training complete
  • Runbooks handed off

Production RAG with governed retrieval and compliance gates.

CoCo doesn't replace Veeva, SharePoint, or Workfront. It sits on top. The systems of record remain authoritative. CoCo indexes their content, understands relationships, and retrieves the right information—with every answer traceable back to its source.

Built with clear SLOs: sub-second retrieval, 99.9% uptime, full audit trail. Every response includes citations. Every query is logged. MLR gateway validates compliance before content surfaces to users. Every agent decision carried a trace ID across retrieval, generation, validation, and tool execution—allowing full reconstruction of system behavior for debugging, audit, and evaluation.

Answers: "What's the fair balance for Abrysvo?"
Finds: "Find approved Comirnaty templates for US market."
Guides: "How do I submit to MLR?"
Service Latency (ms) — p50 / p95 / p99
RAG PipelineSLO: 300ms
180 / 280 / 450
MLR GatewaySLO: 100ms
45 / 85 / 120
Vector SearchSLO: 80ms
32 / 65 / 95
Citation EngineSLO: 50ms
15 / 35 / 55
Teams BotSLO: 400ms
220 / 380 / 520
Audit LoggerSLO: 30ms
8 / 15 / 25
p50p95p99

CoCo Service Health Dashboard

Illustrative service dashboard based on production targets and observed ranges. Target SLOs: p95 <300ms, 99.7% uptime, <0.1% error rate.

RAG Pipeline Healthy
Uptime
99.7%
p95 Latency
280ms
Error Rate
0.03%
MLR Gateway Healthy
Uptime
99.9%
p95 Latency
85ms
Error Rate
0.01%
Vector Search Healthy
Uptime
99.8%
p95 Latency
65ms
Error Rate
0.02%
Citation Engine Healthy
Uptime
99.95%
p95 Latency
35ms
Error Rate
0.01%
Teams Bot Healthy
Uptime
99.6%
p95 Latency
380ms
Error Rate
0.05%
Audit Logger Healthy
Uptime
99.99%
p95 Latency
15ms
Error Rate
0.001%
API Gateway Latency (24h)
020040060000:0006:0012:0018:0023:00
p50
p95
p99
Aggregate Metrics
Avg Uptime
99.82%
Avg Error Rate
0.02%
Total Throughput
34.4K
req/min
Active Incidents
0
services affected
Active Alerts
✓ All systems operational

Portable Multi-Tenant Agent Control Plane

Reference architecture showing the validation, orchestration, and observability pattern used to operate governed agent workflows across cloud environments, including AWS-aligned deployments. Click any phase to expand.

Total Steps
19
End-to-end pipeline
AWS Services
14
Native integrations
MCP Tools
5+
Typed tool interfaces
Trace Coverage
100%
Every decision logged
Design principle: Observability is a horizontal layer spanning every phase — not a box at the end. Every agent decision carries a parent OpenTelemetry span so the full reasoning chain can be reconstructed for any interaction. This pattern is cloud-portable: Azure-native for collaboration and identity, AWS-aligned for agent orchestration and evaluation.

Agentic onboarding: learn by doing, not by reading manuals.

Traditional onboarding fails at scale. You can't have 200 trainers for 1,000 new hires. CoCo turns onboarding into an agentic experience: new employees ask questions as they arise, get immediate answers with context, and become productive in days instead of months.

Trained 200+ users across content production, MLR review, and brand management. Created playbooks for common workflows. Established feedback loops to continuously improve retrieval quality.

Before

  • ✕ Week-long training
  • ✕ 200-page manual
  • ✕ 3-4 months to productive

After

  • ✓ Day-one access
  • ✓ Ask as you go
  • ✓ Productive in days
Enablement Metrics — 12 Week Trend
Users Onboarded+1900%
1000
Avg. Time to Productive-67%
7d
First-Pass Approval Rate+64%
95%
User Satisfaction (NPS)+91%
86

New Hire Onboarding Journey

From first day to first approval in under a week — powered by CoCo's guided assistance.

Goal: Create compliant content for Paxlovid campaign within first week
Day 1
Morning
First Search
Day 1-2
Content Creation
Day 2-3
MLR Submission
Day 3-4
First Approval
Day 5-7
EMOTIONAL JOURNEY
UncertainRelievedConfidentAccomplishedProud
TOUCHPOINTS
Teams Welcome
CoCo Introduction
CoCo Search
Template Library
CoCo Q&A
Claims Library
CoCo Process Guide
MLR System
MLR Notification
CoCo Celebration
PAIN POINTS
Overwhelmed by new systems
Learning brand specifics
Compliance uncertainty
Process complexity
OPPORTUNITIES
Immediate access to CoCo
Contextual suggestions
Real-time compliance hints
MLR pre-flight check
Success tracking dashboard

The Result

Publicis onboarded nearly 1,000 staff in time for peak vaccine season. MLR cycles dropped from 42 days to 14 days. Content throughput tripled. New hires were productive in days because CoCo was always there to answer questions, find content, and guide them through unfamiliar processes.

CoCo became the default way to work—not because it was mandated, but because it was faster. Today it serves as Pfizer's vaccines content backbone, with expansion planned for additional therapeutic areas.

42 days14 daysMLR Cycle Time
272/mo816/moAsset Throughput
25 min<1 minContent Search
Estimated Annual Value Summary
$2.08M
Est. Annual Savings
96.5%
Year 1 ROI
6 mo
Payback Period
490%
3-Year ROI
None
Material Compliance Issues

Estimated Annual Value Creation — $2.08M

Representative breakdown of estimated cost savings and productivity gains from CoCo deployment.

$0K$500K$1.0M$1.5M$2.0M$2.5MSearch Savings: +$780K$780KMLR Reduction: +$624K+$624KReduced Rework: +$456K+$456KFaster Onboarding: +$222K+$222KTotal Savings: +$2.1M$2.1MSearch SavingsMLR ReductionReduced ReworkFaster OnboardingTotal Savings
Total
Increase
Decrease

Total Cost of Ownership Analysis

Estimated investment breakdown vs. projected savings — 96.5% estimated ROI in Year 1.

Annual Investment: $1.06M
Azure Infrastructure$222K
OpenAI API Costs$98K
Cognitive Search$54K
Development Team$540K
Maintenance & Support$144K
Annual Savings: $2.08M
Search Time Savings$780K
MLR Cycle Reduction$624K
Reduced Rework$456K
Faster Onboarding$222K
Net Annual Benefit
$1.02M
Payback Period
6 months
Year 1 ROI
96.5%
3-Year ROI
490%

Lessons Learned

What Worked Well
  • Embedding with users for 2 weeks before coding — shadowing revealed the real bottlenecks
  • Graph-RAG for relationship mapping — dramatically improved cross-brand content discovery
  • Teams integration — zero friction adoption because CoCo met users where they worked
What We'd Do Differently
  • Started with smaller pilot (50 users) before scaling — initial feedback loop was too slow
  • Invested earlier in prompt engineering playbooks — inconsistent prompts caused retrieval variance
  • Built synthetic test datasets sooner — production testing delayed the feedback cycle

"The biggest ROI came not from the AI itself, but from finally having a single source of truth. CoCo forced us to clean up 20+ fragmented systems into one governed knowledge layer."