Transcript Document
4. qualityaustria Forum
Stvaranje mogućnosti
kroz nove zahteve!
Business Continuity Management
Ivana Tepčević
02.10.2013.g.
What is ISO 22301?
Source: IS&BCA, 2013
02-okt-13
4. qualityaustria Forum, Beograd
2
Standards
British standards
•
Business Continuity Institute (BCI), British Standard Institute (BSI)
•
PAS 56 Publicly Available Specification – Guide to Business Continuity
Management
•
•
BS 25999-1:2006, Business continuity management — Code of practice
BS 25999-2:2007, Business continuity management — Specification
International standards
•
ISO 22301:2012 Societal security — Business continuity management
systems — Requirements
•
ISO 22313 Societal security — Business continuity management systems —
Guidance
•
ISO 22398 Societal security — Guidelines for exercises and testing
•
ISO 31000 Risk Management Principles and Guidelines
02-okt-13
4. qualityaustria Forum, Beograd
3
Business Continuity
Management – definition
•
•
•
•
Holistic management process
Framework for resilience and response capability
Safeguard interests of key stakeholders
Identifies potential risks, threats and impacts
Business Continuity aims to safeguard the
interests of an organisation and its key
stakeholders by protecting its critical business
functions against predetermined disruptions (ISO
22301:2012).
02-okt-13
4. qualityaustria Forum, Beograd
4
Principal drivers
Corporate governance;
Regulation/legislation;
Local
Government 92%
Central Government
Corporate governance;
Regulation/legislation;
Finance
Insurance 85%
Auditors
Corporate governance;
Regulation/legislation;
Health
and Social Care 74%
Public sector procurement
Customers;
ManufacturingInsurers;
and Production 58%
Corporate governance
Customers;
CorporateServices
governance;
Business
40%
Regulation/legislation and
Investors/shareholders
02-okt-13
Central Government;
Corporate
governance;
Central
Government
85%
Public sector procurement
Regulation/legislation;
Corporate
governance;
Utilities
81%
Customers
Corporate governance;
Regulation/legislation;
Transport
and Logistics 69%
Customers
Corporate governance;
Customers;
Education
52%
Regulation/legislation
Customers;
Construction 31%
Corporate governance;
4. qualityaustria Forum, Beograd
Insurers
5
Major crisis for mobile-phone
giants
Source: Logistics Europe February 2004
•
•
•
Background
– Booming mobile phone industry
– Philips semiconductor plant in
Albuquerque (USA)
– Produced mobile phone chips,
crucial components
– 40% of output to:
• Nokia, Finland
• Ericsson, Sweden
The incident
– Furnace fire caused by lightning
bolt
– Brought under control in minutes
– Smoke and water damage
The impact
– Flow of chips suddenly stopped
– Weeks to get plant up to capacity
Nokia
•Monitored supply chain
•Took immediate action to secure supply
•Reconfigured manufacturing to accommodate
different specification
Ericsson
•Took supplier word that not a major problem
•Delayed taking remedial action (2 weeks)
02-okt-13
4. qualityaustria Forum, Beograd
6
Key risk areas – business
impact
• People
• Information and Data
• Buildings, work environment and associated
utilities
• Facilities equipment and consumables
• ICT Systems
• Transportation
• Finance
• Partners and Suppliers
02-okt-13
4. qualityaustria Forum, Beograd
7
What to plan for?
02-okt-13
4. qualityaustria Forum, Beograd
8
Major cause of organizational
disruption in 2012
Source: CMI, BCM Survey 2013
• Winter weather –
77%
• Loss of people due to
illness – 42%
• Loss of IT – 40%
• Loss of
telecommunications –
27%
02-okt-13
4. qualityaustria Forum, Beograd
9
Value of crisis management
Crisis
event
Lost time/productivity
02-okt-13
With
crisis management
Negative impact
It reduces the
negative
impact and
speeds
recovery from
all kinds of
corporate
crises
Without
crisis management
Time
Damage to
financial results,
reputation and
key relationships
4. qualityaustria Forum, Beograd
10
BCM compatibility PDCA
Risk
Treatment
Increase /
Retain
Avoid/
Remove/
Change
Residual
Risk
02-okt-13
4. qualityaustria Forum, Beograd
Share
Business
Continuity
11
BCM checklist
• Scope and Objective
• Gain a understanding of your business
• Assess the Risk
• Evaluate potential continuity arrangements
• Define your strategy
• Develop your continuity plans
• Maintain, train and exercise continuity plans
02-okt-13
4. qualityaustria Forum, Beograd
12
Organization and its context
02-okt-13
4. qualityaustria Forum, Beograd
13
02-okt-13
4. qualityaustria Forum, Beograd
14
02-okt-13
4. qualityaustria Forum, Beograd
15
BCM objectives
Clearly stated;
Be consistent with the policy; SMART
Take account of applicable needs and requirements;
Enable opportunities to maintain or improve
performance;
• Be monitored and updated as appropriate.
•
•
•
•
In order to ensure that these objectives will be achieved,
the organizations should determine:
• Who will be responsible;
• What will be done and when it will be completed; and
• How the results will be evaluated.
02-okt-13
4. qualityaustria Forum, Beograd
16
Components of BCM
arrangements
90
80
70
60
50
40
30
20
10
0
Arrangement
IT backup
s for remote
arrangements
working
Series1
84
79
Site
emergency
plan
Moving staff
to alternative
site
Contact
cascade
70
62
58
Access to
Media
alternative
response to
utility services
continuity
(backup
issues
generator)
49
45
Alternative
suppliers
34
Source: CMI, BCM Survey 2013
02-okt-13
4. qualityaustria Forum, Beograd
17
Be prepared
Business continuity plan
Emergency
Response
• Initial control of
emergency situation
• Safeguarding human life,
protecting physical
assets, minimizing
damage/business impact •
avoiding environmental
•
contamination
• Stabilizing, security,
damage assessment
•
Crisis
Management
Strategic direction/policy
issues
Business
Crisis communications –
Recovery
internal and external
(media)
• Phased recovery of
Outward facing liaison business-critical
stakeholders, users etc.
processes
• Co-ordination of service
recovery efforts
Disaster
Recovery
• Recovery of infrastructure
and services
• Returning to “business
as normal”
02-okt-13
4. qualityaustria Forum, Beograd
18
Benefits of BCM
•
•
•
•
Improves business resilience (86%)
Helps protect their reputation (74%)
Meets customer requirements (72%)
It helped their organization to recover from
disruption more quickly than would otherwise have
been the case (85%).
Source: CMI, BCM Survey 2013
02-okt-13
4. qualityaustria Forum, Beograd
19
Evaluating BCM against
established standards
• Legislation (e.g. statutory requirements)
• Regulations (e.g. industry specific requirements)
• ISO 22301, ISO 27001, ITIL/ISO 20000
• BCI’s Good Practice Guidelines
• BS 25999
• Other organizations
02-okt-13
4. qualityaustria Forum, Beograd
20
Resume
• Start with an understanding of your business, not with
the threat - business impact analysis takes precedence
over risk assessment
• Review and test BCM regularly
• Keep informed
• Do not neglect the supply chain
• Be clear about management roles and responsibilities
• SMEs in particular should consider how they can use
BCM in a proportionate way to improve their resilience
02-okt-13
4. qualityaustria Forum, Beograd
21
Hvala na pažnji!
www.qa-center.net
4. qualityaustria Forum, Beograd