4. quality austria Forum

4. quality austria Forum. Creating opportunities through new requirements! Business Continuity Management. Ivana Tepčević. What is ISO 22301? Source: IS&BCA, 2013. Standards. British standards: Business Continuity Institute (BCI), British Standard Institute (BSI)

Presentation Transcript


  1. 4. qualityaustria Forum: Creating opportunities through new requirements! Business Continuity Management. Ivana Tepčević

  2. What is ISO 22301? Source: IS&BCA, 2013 4. qualityaustria Forum, Beograd

  3. Standards
     British standards
     • Business Continuity Institute (BCI), British Standard Institute (BSI)
     • PAS 56 Publicly Available Specification – Guide to Business Continuity Management
     • BS 25999-1:2006, Business continuity management — Code of practice
     • BS 25999-2:2007, Business continuity management — Specification
     International standards
     • ISO 22301:2012 Societal security — Business continuity management systems — Requirements
     • ISO 22313 Societal security — Business continuity management systems — Guidance
     • ISO 22398 Societal security — Guidelines for exercises and testing
     • ISO 31000 Risk Management Principles and Guidelines

  4. Business Continuity Management – definition
     • Holistic management process
     • Framework for resilience and response capability
     • Safeguard interests of key stakeholders
     • Identifies potential risks, threats and impacts
     Business Continuity aims to safeguard the interests of an organisation and its key stakeholders by protecting its critical business functions against predetermined disruptions (ISO 22301:2012).

  5. Principal drivers

  6. Major crisis for mobile-phone giants (Source: Logistics Europe, February 2004)
     • Background
       • Booming mobile phone industry
       • Philips semiconductor plant in Albuquerque (USA)
       • Produced mobile phone chips, crucial components
       • 40% of output to: Nokia, Finland; Ericsson, Sweden
     • The incident
       • Furnace fire caused by lightning bolt
       • Brought under control in minutes
       • Smoke and water damage
     • The impact
       • Flow of chips suddenly stopped
       • Weeks to get plant up to capacity
     • Nokia
       • Monitored supply chain
       • Took immediate action to secure supply
       • Reconfigured manufacturing to accommodate different specification
     • Ericsson
       • Took the supplier's word that it was not a major problem
       • Delayed taking remedial action (2 weeks)

  7. Key risk areas – business impact
     • People
     • Information and Data
     • Buildings, work environment and associated utilities
     • Facilities equipment and consumables
     • ICT Systems
     • Transportation
     • Finance
     • Partners and Suppliers

  8. What to plan for?

  9. Major causes of organizational disruption in 2012 (Source: CMI, BCM Survey 2013)
     • Winter weather – 77%
     • Loss of people due to illness – 42%
     • Loss of IT – 40%
     • Loss of telecommunications – 27%

  10. Value of crisis management
      It reduces the negative impact and speeds recovery from all kinds of corporate crises.
      [Figure: negative impact (damage to financial results, reputation and key relationships) over time following a crisis event; labels: "With crisis management", "Without crisis management", "Lost time/productivity".]

  11. BCM compatibility
      [Diagram labels: PDCA; Risk Treatment: Increase / Retain, Avoid / Remove / Change, Share; Residual Risk; Business Continuity]

  12. BCM checklist
      • Scope and Objective
      • Gain an understanding of your business
      • Assess the Risk
      • Evaluate potential continuity arrangements
      • Define your strategy
      • Develop your continuity plans
      • Maintain, train and exercise continuity plans

  13. Organization and its context

  16. BCM objectives (SMART)
      • Clearly stated;
      • Be consistent with the policy;
      • Take account of applicable needs and requirements;
      • Enable opportunities to maintain or improve performance;
      • Be monitored and updated as appropriate.
      In order to ensure that these objectives will be achieved, the organization should determine:
      • Who will be responsible;
      • What will be done and when it will be completed; and
      • How the results will be evaluated.

  17. Components of BCM arrangements (Source: CMI, BCM Survey 2013)

  18. Be prepared: Business continuity plan
      Emergency Response
      • Initial control of emergency situation
      • Safeguarding human life, protecting physical assets, minimizing damage/business impact, avoiding environmental contamination
      • Stabilizing, security, damage assessment
      Crisis Management
      • Strategic direction/policy issues
      • Crisis communications – internal and external (media)
      • Outward facing liaison - stakeholders, users etc.
      • Co-ordination of service recovery efforts
      Business Recovery
      • Phased recovery of business-critical processes
      • Recovery of infrastructure and services
      • Returning to “business as normal”
      Disaster Recovery

  19. Benefits of BCM (Source: CMI, BCM Survey 2013)
      • Improves business resilience (86%)
      • Helps protect their reputation (74%)
      • Meets customer requirements (72%)
      • It helped their organization to recover from disruption more quickly than would otherwise have been the case (85%).

  20. Evaluating BCM against established standards
      • Legislation (e.g. statutory requirements)
      • Regulations (e.g. industry specific requirements)
      • ISO 22301, ISO 27001, ITIL/ISO 20000
      • BCI’s Good Practice Guidelines
      • BS 25999
      • Other organizations

  21. Summary
      • Start with an understanding of your business, not with the threat - business impact analysis takes precedence over risk assessment
      • Review and test BCM regularly
      • Keep informed
      • Do not neglect the supply chain
      • Be clear about management roles and responsibilities
      • SMEs in particular should consider how they can use BCM in a proportionate way to improve their resilience

  22. Thank you for your attention! www.qa-center.net