4. qualityaustria Forum
Creating opportunities
through new requirements!
Business Continuity Management
Ivana Tepčević
02.10.2013.
What is ISO 22301?
Source: IS&BCA, 2013
02-Oct-13
4. qualityaustria Forum, Beograd
Standards
British standards
• Business Continuity Institute (BCI), British Standard Institute (BSI)
• PAS 56 Publicly Available Specification – Guide to Business Continuity Management
• BS 25999-1:2006, Business continuity management — Code of practice
• BS 25999-2:2007, Business continuity management — Specification
International standards
• ISO 22301:2012 Societal security — Business continuity management systems — Requirements
• ISO 22313 Societal security — Business continuity management systems — Guidance
• ISO 22398 Societal security — Guidelines for exercises and testing
• ISO 31000 Risk Management Principles and Guidelines
Business Continuity Management – definition
• Holistic management process
• Framework for resilience and response capability
• Safeguard interests of key stakeholders
• Identifies potential risks, threats and impacts
Business Continuity aims to safeguard the interests of an organisation and its key stakeholders by protecting its critical business functions against predetermined disruptions (ISO 22301:2012).
Principal drivers
• Local Government 92%: Corporate governance; Regulation/legislation; Central Government
• Finance, Insurance 85%: Corporate governance; Regulation/legislation; Auditors
• Health and Social Care 74%: Corporate governance; Regulation/legislation; Public sector procurement
• Manufacturing and Production 58%: Customers; Insurers; Corporate governance
• Business Services 40%: Customers; Corporate governance; Regulation/legislation and Investors/shareholders
• Central Government 85%: Central Government; Corporate governance; Public sector procurement
• Utilities 81%: Regulation/legislation; Corporate governance; Customers
• Transport and Logistics 69%: Corporate governance; Regulation/legislation; Customers
• Education 52%: Corporate governance; Customers; Regulation/legislation
• Construction 31%: Customers; Corporate governance; Insurers
Major crisis for mobile-phone giants
Source: Logistics Europe February 2004
• Background
– Booming mobile phone industry
– Philips semiconductor plant in Albuquerque (USA)
– Produced mobile phone chips, crucial components
– 40% of output to:
  • Nokia, Finland
  • Ericsson, Sweden
• The incident
– Furnace fire caused by lightning bolt
– Brought under control in minutes
– Smoke and water damage
• The impact
– Flow of chips suddenly stopped
– Weeks to get plant up to capacity
Nokia
• Monitored supply chain
• Took immediate action to secure supply
• Reconfigured manufacturing to accommodate different specification
Ericsson
• Took the supplier's word that it was not a major problem
• Delayed taking remedial action (2 weeks)
Key risk areas – business impact
• People
• Information and Data
• Buildings, work environment and associated utilities
• Facilities equipment and consumables
• ICT Systems
• Transportation
• Finance
• Partners and Suppliers
What to plan for?
Major cause of organizational disruption in 2012
Source: CMI, BCM Survey 2013
• Winter weather – 77%
• Loss of people due to illness – 42%
• Loss of IT – 40%
• Loss of telecommunications – 27%
Value of crisis management
[Figure. Axes: Negative impact; Time. Labels: Crisis event; Lost time/productivity; With crisis management; Without crisis management; Damage to financial results, reputation and key relationships]
It reduces the negative impact and speeds recovery from all kinds of corporate crises
BCM compatibility PDCA
[Figure. Labels: Risk Treatment; Increase / Retain; Avoid / Remove / Change; Share; Residual Risk; Business Continuity]
BCM checklist
• Scope and Objective
• Gain an understanding of your business
• Assess the Risk
• Evaluate potential continuity arrangements
• Define your strategy
• Develop your continuity plans
• Maintain, train and exercise continuity plans
Organization and its context
BCM objectives
• Clearly stated;
• Be consistent with the policy;
• Take account of applicable needs and requirements;
• Enable opportunities to maintain or improve performance;
• Be monitored and updated as appropriate.
SMART
In order to ensure that these objectives will be achieved, the organization should determine:
• Who will be responsible;
• What will be done and when it will be completed; and
• How the results will be evaluated.
Components of BCM arrangements
[Bar chart, axis 0 to 90]
• IT backup arrangements – 84
• Arrangements for remote working – 79
• Site emergency plan – 70
• Moving staff to alternative site – 62
• Contact cascade – 58
• Access to alternative utility services (backup generator) – 49
• Media response to continuity issues – 45
• Alternative suppliers – 34
Source: CMI, BCM Survey 2013
Be prepared
Business continuity plan
Emergency Response
• Initial control of emergency situation
• Safeguarding human life, protecting physical assets, minimizing damage/business impact, avoiding environmental contamination
• Stabilizing, security, damage assessment
Crisis Management
• Strategic direction/policy issues
• Crisis communications – internal and external (media)
• Outward facing liaison with stakeholders, users etc.
Business Recovery
• Phased recovery of business-critical processes
• Co-ordination of service recovery efforts
Disaster Recovery
• Recovery of infrastructure and services
• Returning to “business as normal”
Benefits of BCM
• Improves business resilience (86%)
• Helps protect their reputation (74%)
• Meets customer requirements (72%)
• It helped their organization to recover from disruption more quickly than would otherwise have been the case (85%).
Source: CMI, BCM Survey 2013
Evaluating BCM against established standards
• Legislation (e.g. statutory requirements)
• Regulations (e.g. industry specific requirements)
• ISO 22301, ISO 27001, ITIL/ISO 20000
• BCI’s Good Practice Guidelines
• BS 25999
• Other organizations
Summary
• Start with an understanding of your business, not with the threat: business impact analysis takes precedence over risk assessment
• Review and test BCM regularly
• Keep informed
• Do not neglect the supply chain
• Be clear about management roles and responsibilities
• SMEs in particular should consider how they can use BCM in a proportionate way to improve their resilience
Thank you for your attention!
www.qa-center.net