4. qualityaustria Forum: Business Continuity Management. Ivana Tepčević. Creating opportunities through new requirements! 02.10.2013


Page 1: 4.  quality austria  Forum

4. qualityaustria Forum

Business Continuity Management
Ivana Tepčević

Creating opportunities through new requirements!

02.10.2013

Page 2: 4.  quality austria  Forum

What is ISO 22301?

02-Oct-13 4. qualityaustria Forum, Beograd

Source: IS&BCA, 2013

Page 3: 4.  quality austria  Forum

Standards

British standards
• Business Continuity Institute (BCI), British Standard Institute (BSI)
• PAS 56 Publicly Available Specification – Guide to Business Continuity Management
• BS 25999-1:2006, Business continuity management — Code of practice
• BS 25999-2:2007, Business continuity management — Specification

International standards
• ISO 22301:2012 Societal security — Business continuity management systems — Requirements
• ISO 22313 Societal security — Business continuity management systems — Guidance
• ISO 22398 Societal security — Guidelines for exercises and testing
• ISO 31000 Risk Management Principles and Guidelines

Page 4: 4.  quality austria  Forum

Business Continuity Management – definition

• Holistic management process
• Framework for resilience and response capability
• Safeguard interests of key stakeholders
• Identifies potential risks, threats and impacts

Business Continuity aims to safeguard the interests of an organisation and its key stakeholders by protecting its critical business functions against predetermined disruptions (ISO 22301:2012).

Page 5: 4.  quality austria  Forum

Principal drivers

Local Government 92%
Central Government 85%
Finance Insurance 85%
Utilities 81%
Health and Social Care 74%
Transport and Logistics 69%
Manufacturing and Production 58%
Education 52%
Business Services 40%
Construction 31%

Corporate governance; Regulation/legislation; Central Government
Central Government; Corporate governance; Public sector procurement
Corporate governance; Regulation/legislation; Auditors
Regulation/legislation; Corporate governance; Customers
Corporate governance; Regulation/legislation; Public sector procurement
Corporate governance; Regulation/legislation; Customers
Customers; Insurers; Corporate governance
Corporate governance; Customers; Regulation/legislation
Customers; Corporate governance; Regulation/legislation and Investors/shareholders
Customers; Corporate governance; Insurers

Page 6: 4.  quality austria  Forum

Major crisis for mobile-phone giants

• Background
  – Booming mobile phone industry
  – Philips semiconductor plant in Albuquerque (USA)
  – Produced mobile phone chips, crucial components
  – 40% of output to:
    • Nokia, Finland
    • Ericsson, Sweden
• The incident
  – Furnace fire caused by lightning bolt
  – Brought under control in minutes
  – Smoke and water damage
• The impact
  – Flow of chips suddenly stopped
  – Weeks to get plant up to capacity

Nokia
• Monitored supply chain
• Took immediate action to secure supply
• Reconfigured manufacturing to accommodate different specification

Ericsson
• Took supplier's word that it was not a major problem
• Delayed taking remedial action (2 weeks)

Source: Logistics Europe February 2004

Page 7: 4.  quality austria  Forum

Key risk areas – business impact

• People
• Information and Data
• Buildings, work environment and associated utilities
• Facilities equipment and consumables
• ICT Systems
• Transportation
• Finance
• Partners and Suppliers

Page 8: 4.  quality austria  Forum

What to plan for?


Page 9: 4.  quality austria  Forum

Major cause of organizational disruption in 2012

Source: CMI, BCM Survey 2013

• Winter weather – 77%

• Loss of people due to illness – 42%

• Loss of IT – 40%

• Loss of telecommunications – 27%

Page 10: 4.  quality austria  Forum

Value of crisis management

[Figure: chart of negative impact against time after a crisis event, comparing "Without crisis management" and "With crisis management". Labels: damage to financial results, reputation and key relationships; lost time/productivity.]

It reduces the negative impact and speeds recovery from all kinds of corporate crises

Page 11: 4.  quality austria  Forum

BCM compatibility PDCA

[Figure: risk treatment diagram. Labels: Risk Treatment; Share; Avoid / Remove / Change; Increase / Retain; Residual Risk; Business Continuity.]

Page 12: 4.  quality austria  Forum

BCM checklist

• Scope and Objective

• Gain an understanding of your business

• Assess the Risk

• Evaluate potential continuity arrangements

• Define your strategy

• Develop your continuity plans

• Maintain, train and exercise continuity plans


Page 13: 4.  quality austria  Forum

Organization and its context



Page 16: 4.  quality austria  Forum

BCM objectives

SMART

• Clearly stated;
• Be consistent with the policy;
• Take account of applicable needs and requirements;
• Enable opportunities to maintain or improve performance;
• Be monitored and updated as appropriate.

In order to ensure that these objectives will be achieved, the organization should determine:

• Who will be responsible;
• What will be done and when it will be completed; and
• How the results will be evaluated.

Page 17: 4.  quality austria  Forum

Components of BCM arrangements

[Figure: bar chart, Series1 values by component]

• IT backup arrangements – 84
• Arrangements for remote working – 79
• Site emergency plan – 70
• Moving staff to alternative site – 62
• Contact cascade – 58
• Media response to continuity issues – 49
• Access to alternative utility services (backup generator) – 45
• Alternative suppliers – 34

Source: CMI, BCM Survey 2013

Page 18: 4.  quality austria  Forum

Be prepared

Disaster Recovery

Emergency Response

Crisis Management

Business Recovery

Business continuity plan

• Initial control of emergency situation

• Safeguarding human life, protecting physical assets, minimizing damage/business impact, avoiding environmental contamination

• Stabilizing, security, damage assessment

• Strategic direction/policy issues

• Crisis communications – internal and external (media)

• Outward facing liaison - stakeholders, users etc.

• Co-ordination of service recovery efforts

• Phased recovery of business-critical processes

• Recovery of infrastructure and services

• Returning to “business as normal”

Page 19: 4.  quality austria  Forum

Benefits of BCM

• Improves business resilience (86%)
• Helps protect their reputation (74%)
• Meets customer requirements (72%)
• It helped their organization to recover from disruption more quickly than would otherwise have been the case (85%).

Source: CMI, BCM Survey 2013

Page 20: 4.  quality austria  Forum

Evaluating BCM against established standards


• Legislation (e.g. statutory requirements)

• Regulations (e.g. industry specific requirements)

• ISO 22301, ISO 27001, ITIL/ISO 20000

• BCI’s Good Practice Guidelines

• BS 25999

• Other organizations

Page 21: 4.  quality austria  Forum

Summary

• Start with an understanding of your business, not with the threat - business impact analysis takes precedence over risk assessment

• Review and test BCM regularly

• Keep informed

• Do not neglect the supply chain

• Be clear about management roles and responsibilities

• SMEs in particular should consider how they can use BCM in a proportionate way to improve their resilience

Page 22: 4.  quality austria  Forum

Thank you for your attention!

www.qa-center.net
