4. quality austria Forum

4. qualityaustria Forum. Business Continuity Management. Ivana Tepčević. Creating opportunities through new requirements! 02.10.2013.


Transcript of 4. quality austria Forum

Page 1: 4.  quality austria  Forum

4. qualityaustria Forum

Business Continuity Management

Ivana Tepčević

Creating opportunities through new requirements!

02.10.2013.

Page 2: 4.  quality austria  Forum


What is ISO 22301?

02-okt-13 4. qualityaustria Forum, Beograd

Source: IS&BCA, 2013

Page 3: 4.  quality austria  Forum

Standards

British standards

• Business Continuity Institute (BCI), British Standard Institute (BSI)

• PAS 56 Publicly Available Specification – Guide to Business Continuity Management

• BS 25999-1:2006, Business continuity management — Code of practice

• BS 25999-2:2007, Business continuity management — Specification

International standards

• ISO 22301:2012 Societal security — Business continuity management systems — Requirements

• ISO 22313 Societal security — Business continuity management systems — Guidance

• ISO 22398 Societal security — Guidelines for exercises and testing

• ISO 31000 Risk Management Principles and Guidelines


Page 4: 4.  quality austria  Forum

Business Continuity Management – definition

• Holistic management process

• Framework for resilience and response capability

• Safeguard interests of key stakeholders

• Identifies potential risks, threats and impacts


Business Continuity aims to safeguard the interests of an organisation and its key stakeholders by protecting its critical business functions against predetermined disruptions (ISO 22301:2012).

Page 5: 4.  quality austria  Forum

Principal drivers


• Local Government (92%): Corporate governance; Regulation/legislation; Central Government

• Central Government (85%): Central Government; Corporate governance; Public sector procurement

• Finance Insurance (85%): Corporate governance; Regulation/legislation; Auditors

• Utilities (81%): Regulation/legislation; Corporate governance; Customers

• Health and Social Care (74%): Corporate governance; Regulation/legislation; Public sector procurement

• Transport and Logistics (69%): Corporate governance; Regulation/legislation; Customers

• Manufacturing and Production (58%): Customers; Insurers; Corporate governance

• Education (52%): Corporate governance; Customers; Regulation/legislation

• Business Services (40%): Customers; Corporate governance; Regulation/legislation and Investors/shareholders

• Construction (31%): Customers; Corporate governance; Insurers

Page 6: 4.  quality austria  Forum


Major crisis for mobile-phone giants


• Background

– Booming mobile phone industry

– Philips semiconductor plant in Albuquerque (USA)

– Produced mobile phone chips, crucial components

– 40% of output to: Nokia, Finland; Ericsson, Sweden

• The incident

– Furnace fire caused by lightning bolt

– Brought under control in minutes

– Smoke and water damage

• The impact

– Flow of chips suddenly stopped

– Weeks to get plant up to capacity

Nokia

• Monitored supply chain

• Took immediate action to secure supply

• Reconfigured manufacturing to accommodate different specification

Ericsson

• Took supplier's word that it was not a major problem

• Delayed taking remedial action (2 weeks)

Source: Logistics Europe February 2004

Page 7: 4.  quality austria  Forum

Key risk areas – business impact

• People

• Information and Data

• Buildings, work environment and associated utilities

• Facilities equipment and consumables

• ICT Systems

• Transportation

• Finance

• Partners and Suppliers


Page 8: 4.  quality austria  Forum

What to plan for?


Page 9: 4.  quality austria  Forum


Major cause of organizational disruption in 2012


Source: CMI, BCM Survey 2013

• Winter weather – 77%

• Loss of people due to illness – 42%

• Loss of IT – 40%

• Loss of telecommunications – 27%

Page 10: 4.  quality austria  Forum

Value of crisis management


[Figure: negative impact (vertical axis) against time (horizontal axis) after a crisis event, with one curve "Without crisis management" and one curve "With crisis management". Labels: damage to financial results, reputation and key relationships; lost time/productivity.]

It reduces the negative impact and speeds recovery from all kinds of corporate crises

Page 11: 4.  quality austria  Forum

BCM compatibility PDCA


[Diagram labels: Risk Treatment; Residual Risk; Share; Avoid / Remove / Change; Increase / Retain; Business Continuity]

Page 12: 4.  quality austria  Forum

BCM checklist

• Scope and Objective

• Gain an understanding of your business

• Assess the Risk

• Evaluate potential continuity arrangements

• Define your strategy

• Develop your continuity plans

• Maintain, train and exercise continuity plans


Page 13: 4.  quality austria  Forum

Organization and its context


Page 14: 4.  quality austria  Forum


Page 15: 4.  quality austria  Forum


Page 16: 4.  quality austria  Forum

BCM objectives

SMART

• Clearly stated;

• Be consistent with the policy;

• Take account of applicable needs and requirements;

• Enable opportunities to maintain or improve performance;

• Be monitored and updated as appropriate.

In order to ensure that these objectives will be achieved, the organization should determine:

• Who will be responsible;

• What will be done and when it will be completed; and

• How the results will be evaluated.


Page 17: 4.  quality austria  Forum

Components of BCM arrangements


[Bar chart, values as given in the chart's data series:]

• IT backup arrangements: 84

• Arrangements for remote working: 79

• Site emergency plan: 70

• Moving staff to alternative site: 62

• Contact cascade: 58

• Media response to continuity issues: 49

• Access to alternative utility services (backup generator): 45

• Alternative suppliers: 34

Source: CMI, BCM Survey 2013

Page 18: 4.  quality austria  Forum

Be prepared


Disaster Recovery

Emergency Response

Crisis Management

Business Recovery

Business continuity plan

• Initial control of emergency situation

• Safeguarding human life, protecting physical assets, minimizing damage/business impact, avoiding environmental contamination

• Stabilizing, security, damage assessment

• Strategic direction/policy issues

• Crisis communications – internal and external (media)

• Outward facing liaison - stakeholders, users etc.

• Co-ordination of service recovery efforts

• Phased recovery of business-critical processes

• Recovery of infrastructure and services

• Returning to “business as normal”

Page 19: 4.  quality austria  Forum

Benefits of BCM

• Improves business resilience (86%)

• Helps protect their reputation (74%)

• Meets customer requirements (72%)

• It helped their organization to recover from disruption more quickly than would otherwise have been the case (85%).


Source: CMI, BCM Survey 2013

Page 20: 4.  quality austria  Forum

Evaluating BCM against established standards


• Legislation (e.g. statutory requirements)

• Regulations (e.g. industry specific requirements)

• ISO 22301, ISO 27001, ITIL/ISO 20000

• BCI’s Good Practice Guidelines

• BS 25999

• Other organizations

Page 21: 4.  quality austria  Forum

Summary


• Start with an understanding of your business, not with the threat - business impact analysis takes precedence over risk assessment

• Review and test BCM regularly

• Keep informed

• Do not neglect the supply chain

• Be clear about management roles and responsibilities

• SMEs in particular should consider how they can use BCM in a proportionate way to improve their resilience

Page 22: 4.  quality austria  Forum

Thank you for your attention!

www.qa-center.net
