Business Continuity Management



Similar documents
Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Coping with a major business disruption. Some practical advice

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Risk Consulting Group. Strengthening Business Resilience

Desktop Scenario Self Assessment Exercise Page 1

Developing a Business Continuity Plan... More Than Disaster

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity Planning and Disaster Recovery Planning

Chapter I: Fundamentals of Business Continuity Management

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Business Resiliency Business Continuity Management - January 14, 2014

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Planning (800)

Business Continuity Management

Moving from BS to ISO The new international standard for business continuity management systems. Transition Guide

Company Management System. Business Continuity in SIA

Business Continuity Planning. Presentation and. Direction

Business Continuity Planning Instructions

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Policy

Business Continuity and Disaster Planning

The PNC Financial Services Group, Inc. Business Continuity Program

Disaster Recovery and Business Continuity Plan

Business Continuity Management Policy

Business Continuity and Disaster Recovery Planning

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

NHS 24 - Business Continuity Strategy

How To Manage A Disruption Event

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Temple university. Auditing a business continuity management BCM. November, 2015

Business Continuity Management AIRM Presentation

Business Continuity Plan

Business Continuity Management

ERM006 ERM and Business Continuity Management: Together at Last RIMS Annual Conference April 13, 2016

Proposal for Business Continuity Plan and Management Review 6 August 2008

Creating a Business Continuity Plan for your Health Center

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Business Continuity Project Planning Process for Educational Institution

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Business Continuity Management

The PNC Financial Services Group, Inc. Business Continuity Program

Risk Management Guidelines

1.0 Policy Statement / Intentions (FOIA - Open)

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

Business Continuity Management Framework

Emergency Response and Business Continuity Management Policy

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

INFOSEC.MY KNOWLEDGE SHARING SESSION

Business, Resiliency and Effective Disaster Recovery. Anne Kleffner, PhD Haskayne School of Business, University of Calgary

Reputational risk and crisis management

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BS BUSINESS CONTINUITY MANAGEMENT

Why Should Companies Take a Closer Look at Business Continuity Planning?

Prepared by Rod Davis, ABCP, MCSA November, 2011

Business Continuity Management Program Development Guide

Enterprise risk management and business continuity management Together at last

Overview of how to test a. Business Continuity Plan

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Unit Guide to Business Continuity/Resumption Planning

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Risk Management How to manage your brand & build business resilience to improve your bottom line

Deciding what opportunities to fund, which risks to protect

Business Continuity & Disaster Recovery

Fundamentals of Business Continuity Planning Have a Plan!

BUSINESS CONTINUITY MANAGEMENT POLICY

PBSi Business Continuity Planning

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

MHA Consulting. Business Continuity Management 101

Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division

Business Continuity Management and BS by Steve Chan, Head of Training - HK, BSI Management Systems

How To Manage A Financial Institution

Business Continuity Planning

Business Continuity Management Software

Business Continuity Plan Toolkit

BUSINESS CONTINUITY POLICY

POLICY. Number: Title: Enterprise Risk Management. Authorization

BUSINESS CONTINUITY MANAGEMENT SINGAPORE SS540 BCM STANDARDS. LSA Consultants Pte Ltd

Business Continuity Planning for Schools, Departments & Support Units

Merrycon s Approach to Business Continuity Management

Business Continuity (Policy & Procedure)

Business Continuity Policy and Business Continuity Management System

Business Continuity Planning for Water Utilities: Guidance Document [Project #4319]

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

BCP and DR. P K Patel AGM, MoF

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June

Transcription:

Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers and achieve planned levels of revenue and profit. An interruption event can result in property damage but it can also pose a serious threat to the continued existence of the business. The benefits of embracing resiliency are increasingly evident as the dangers of not being prepared for contingencies are displayed in news headlines around the world. Unpredictable events with extensive business interruption happen with increasing frequency. Every year, several thousand companies close their doors forever because of an unexpected event interrupting the flow of operations and for which management is unprepared to cope. It is estimated that after a major loss with an extended breakdown, over 40% of all businesses never reopen! Business as usual may not work if one wishes to remain in business. Interruptions are not always preventable, but their impact can be lessened through the implementation of recovery plans to support sustainability. A resilient enterprise is better able to anticipate surprises, recover from disruptions, adapt to changing conditions, and leverage emerging opportunities. A costly example A semiconductor plant in the USA producing chips for mobile phones caught fire due to a lightning strike in 2001. This caused severe problems for two of their customers who were major producers of mobile phone handsets. Whereas one company managed the crisis relatively successfully with an emergency plan, the other faced a major supply shortage resulting in loss of sales of at least USD 400 million and had to restructure their mobile phone division afterwards. Clearly, it is in the interest of management, as well as of customers, employees, owners and investors to make efforts to avoid incidents with business continuity impact, or to manage them effectively when they cannot be prevented. A properly developed Business Continuity Plan (BCP) will

reduce the severity of an incident, even if the probability is unaffected. Business Continuity Plan development in combination with our Business Continuity Management (BCM) audit and Business Impact Analysis (BIA) gives customers the opportunity to develop fit-for-purpose business continuity plans within a comprehensive BCM process requiring the minimum disruption to normal management activities. Plan to be prepared Business continuity management (BCM) has been defined as: A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for effective response that safeguards the interest of its key stakeholders, reputation, brand and value creating activities. (Business Continuity Institute, 2001). Corporate sustainability can best be supported through Zurich's structured process. Zurich views BCM as a logical mitigation step to manage the multitude of risk exposures and potential interruption scenarios which could otherwise lead to financial impact if not checked. A robust continuity management strategy moves your company from reactive to proactive, to improve opportunity sustainable growth. All companies should have a true understanding of their business interruption risks, and should be able to demonstrate the robustness of their business continuity plans designed to maintain enterprise resilience and protect profitability. This understanding starts with a structured approach to Risk Profiling and the development of a Business Interruption model, used to create a continuity plan which addresses the critical exposures and opportunities. The more complex the business, the more value there is in utilizing such a structured process to enable enterprise resilience. Our approach to Enterprise Resilience As seen here, Total Risk Profiling (TRP) is recommended as the initial step in Zurich s business continuity planning process, which is designed to encourage your company to build resilience. TRP is beneficial to help management identify, prioritize and develop action plans to manage its business risks. Next, a business impact analysis is undertaken, to identify and quantify the systems that, when absent, would create a danger to the survival of an organization. The business impact analysis may also be coupled with a Supply Chain Assessment or Business Interruption modeling, to gather more quantification of key enterprise exposures which were raised in the Risk analysis Risk prevention Risk mitigation strategy Business Continuity Management (BCM) Vulnerability identification/assessment Vunerability catalog Key business processes Mission critical activities Business value chains Severity Disruption Time period marginal short Risk mapping/risk tolerance boundary Risk profile Vulnerability identification/assessment e.g. interruption of production line e.g. loss of key supplier e.g. outage of power supply Periodic testing, feedback and amendment Business Recovery Plan Safety and security plan/organization critical catastrophic Emergency plan/organization medium long Crisis management plan/organization Risk improvement catalog e.g. loss of shipment Total Risk Profiling TM (TRP) Zurich Hazard Analysis TM (ZHA) Business Impact Analysis (BIA) Business Continuation Planning (BCP)

I. Describing & Drawing the value chain Control Process Contigency Demand Supply Environment II. Vulnerability assessment Scale Duration Recovery Cost III. Evaluation of the implications (Impact Analysis) IV. Identifying Improvement Actions Total Risk Profiling session. It is important to ensure that these essential systems and business drivers receive the correct priority in your subsequent Business Continuity Plan (BCP) in order to improve risk, recovery and reputation. Not all losses can be covered by insurance. In the event of a major loss incident, the primary objective is to protect the business from the effects of damage or some other unforeseen events and maintain resilience. It is fundamental to prevent the events or at least mitigate their effects. In any case it is important to anticipate critical decisions. Zurich Risk Engineering has a well-established approach that works across a range of different business sectors and geographies. We recognize that not all companies have the same needs regarding the development of business continuity plans. Zurich has developed a range of solutions from basic awareness training with simple plan templates through to a complete 11-stage BCP development process. Our approach closely follows recognized international standards on BCP for example in the UK (BCI), the US (DRI, NFPA) and Australia (ANAO). It can be tailored around individual customers internal corporate guidelines. Features Zurich s BCM service provides: A quick introduction to business continuity management and plan development. A process to establish preventative actions to reduce both the probability of occurrence and reduce the effects in case of incident. Assistance in preparing and documenting reactive measures in printed crisis emergency recovery plans The opportunity for businesses to have more in-depth training and support in plan development. Return visits to audit and or test the plan at regular intervals An efficient process to develop plans for individual plants or sites in the minimum time necessary. Where applicable, an introduction to third party software suppliers suitable for a variety of different companies needs. Your benefits All organizations, regardless of size or industry sector should develop some sort of business continuity plan. The content and level of detail in the plan depends on the nature, scale and complexity of the organization. In large organizations, there may be multiple functional and operational plans at sites, regions or corporate levels. In smaller organizations, a single plan may suffice. Understanding the precise customer needs enables the best-tailored solution to be defined in order to protect both tangible and intangible assets (including reputation). BCM can minimize the operational impact after a relevant incident, and from a business interruption insurance perspective it represents an organization s unique fundamental company protection tool. BCP development helps customers to identify gaps and to improve the ways they manage the risks they retain and those they transfer.

Business Continuation Event Analysis Planning Action Risk Analyses Contingency Planning Prepare & test Event/Crisis Management Business Recovery Risk Identification Risk Assessment Risk Improvement Enable for normal business operations Proactive Reactive A success The management of one of the world s largest pharmaceuticals companies was required by its parent to develop a BCP. It lacked time and experience, so Zurich provided assistance to create an approach which was consistent with the business needs and the corporate BCP guidelines. Zurich was engaged to provide a structured supply chain assessment, business interruption and business continuity assessment of its critical sites and process areas, taking into account interdependencies and key supply chain routes. As a part of its business continuity planning, Zurich helped the company gain a deeper understanding of the overall supply chain and production interdependencies between its manufacturing sites. This enabled it to quantify the key business continuity vulnerabilities. A solid BCM plan improves enterprise resilience by Encouraging prompt reaction procedures with effective business recovery plans Delivering custom-made stress tests, simulations and audits Utilizing proprietary business interruption modeling and supply chain analysis tools Our unique development process What is unique about Zurich s offering? Zurich has created a set of quick and easy-toimplement solutions for customers to develop business continuity plans. In particular our full 11-stage BCP development process is unique in the way we focus on the economic measures to close the GAP interval (the disruption time less the customer loyalty time). In this way, we ensure that customers develop a plan, in the minimum time necessary, to get mission critical activities back in operation. 1. Select the BCM team 2. Specify customer needs 3. Analyze potential disruption times and define GAP interval 4. Integrate critical suppliers into the process 5. Set up an action check list 6. Close GAP interval 7. Compile a draft BCP 8. Test the BCP and response 9. Complete the BCP and verify the BCM capability 10. Summarize BCM status for external use 11. Regular update and maintenance Reducing business disruption and reputation impacts through proactive planning

1. Select BCM team The BCM team should represent various departments such as marketing, production, IT, purchasing, communication and risk management. This guarantees adequate and sufficient information. A team leader with a good knowledge of the organization and excellent communication skills should be appointed. 2. Specify the customer needs The process starts by asking how long customers would wait for supply before turning to a competitor after a major disruption. This time span is called customer loyalty time. As the customer needs have been expressed in explicit terms they show directly what issues to concentrate upon. This allows fast response and increases the necessary capability to improvise. 3. Analyze potential disruption times and define GAP interval A risk assessment report provides various damage scenarios. Based on this, production and IT management assess the restoration or disruption time for the various scenarios. Deducting the customer loyalty time from the disruption time gives the GAP interval. The GAP interval is the time when competitors have the best opportunity to lure away customers. Management decides which GAP intervals are acceptable. 4. Integrate critical suppliers into the process A company should not only focus on potential disruptions to its own business, but also to that of critical suppliers. To make sure that no link in the supply chain fails, the process also integrates sub-suppliers, customers and sometimes even competitors. 5. Set up an action check list All members of the BCM team list their responsibilities in potential crisis and restoration work. The lists form the BCM team member s individual Business Continuity Plan (BCP). Action lists are matched against each other to verify that responsibilities are known by all. 6. Close GAP interval The Zurich Risk Engineer supports the BCM team in an iterative process to identify the most economic measures to close those GAP intervals that are not acceptable. The process will establish preventative actions to reduce probability (of occurrence) and reduce effects (in case of incident). 7. Compile a draft BCP The BCM team and the Zurich Risk Engineer compile a draft BCP based on all information available. Every BCP should include an emergency plan, which many companies already have in place. Responsibilities for actions will be determined and documented 8. Test the BCP All BCM team members participate in tests simulating different serious loss scenario developed by Zurich, including simulated media communications. 9. Complete the BCP and verify the BCM capability The recovery plan is completed by integrating the test experience into the draft BCP and distributing the final version to the BCM and management teams. A wrap up review of the entire BCM capability is held with all involved, locally as well as on group level. This will verify consensus of the contents as well as build important internal confidence in actual own capability. 10. Summarize BCM status for external use Appropriate BCM inspires confidence among customers, suppliers, employees, shareholders and other stakeholders. The company should use its BCM capability as a marketing tool to enhance confidence in the company s supply reliability and enterprise resilience. 11. Regular update and maintenance As the environment and conditions change overtime, it is important to periodically review and, if necessary, update the BCP to reflect actual needs in case of a major event. Periodic auditing and testing is also recommended to maintain awareness and preparation at an adequate level. Scope of service In summary, there are three main components of Zurich s BCP development offering: An introductory seminar on the subject to introduce managers to the key processes in business continuity planning, including crisis response and media management. This is built around PAS 56, using the Business Continuity Institute s 5-step activity model. A training program to guide customers through the business continuity plan development process. This may also include

simple plan templates or familiarization with third party software as appropriate and could run from one-day to one-week. A comprehensive 11-stage BCP development process designed to identify, document and communicate the critical components of a plan. How much input is required? Ideally, seminars can last a half day. Training can run over three days. The 11-stage approach is typically 2 to 3 weeks (80 man hours of customer management time). However, all of our services are scalable and can be adapted to meet your business needs and availability. The important thing is simply that your company begins taking steps to improve its enterprise resilience. economic and financial variables monitored within an ERM and BCM processes. Management can use this risk intelligence to develop activities that promote sustainability and strategic resilience. A holistic Business Continuity Management (BCM) plan can help you to master an unexpected incident to survive and thrivefollowing a major disruption. For more information on Zurich products and services, please see http://www.zurichservices.com/zsc/strategic riskservices or contact: Linda Conrad Director of Strategic Business Risk Management linda.conrad@zurich.com, +1 410-371-9973 To prepare for change, you should change the way you prepare It is often said that to prepare for change, you should be ready to change the way you prepare. Ultimately, predicting the infinite number of unknowable disruptions is less important than preparing to manage outcomes and effects of those extreme risks. Charles Darwin said that it is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change. To this end, companies should implement early warning systems based on wide sets of operational, Zurich Services Corporation 1400 American Lane, Schaumburg, Illinois 60196-1056 800 982 5964 www.zurichservices.com Zurich Services Corporation Risk Engineering A1-18095-A (05/09) 09-1437 ISO 9001:2000 Quality-Assured Solutions Provider The information in this publication was compiled by Zurich Services Corporation from sources believed to be reliable. We do not guarantee the accuracy of this information or any results and further assume no liability in connection with this publication, including any information, methods or safety suggestions contained herein. Moreover, Zurich Services Corporation reminds you that this publication cannot be assumed to contain every acceptable safety and compliance procedure or that additional procedures might not be appropriate under the circumstances. The subject matter of this publication is not tied to any specific insurance product nor will adopting these procedures insure coverage under any insurance policy. 2009 Zurich Services Corporation

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information