applying business continuity standards manufacturing€¦ · applying business continuity standards...
TRANSCRIPT
Applying Business Continuity Standards (ISO 22301) in ManufacturingKate Chadwick-Johnson – Corning Incorporated
Terry Kaminski – Avalution Consulting
Background
• Business continuity planning is well established in regulated industries
• Manufacturing and non-regulated industries often rely on other drivers, including customer and leadership mandates, leveraging standards to achieve value
• How did Corning Incorporated apply the ISO 22301 framework to the manufacturing environment successfully?
• Will cover:• Practical application, pitfalls to avoid, what’s valuable to the business
• How to turn the standard’s requirements into beneficial outcomes for the business
© 2019 Corning Incorporated
Corning Incorporated is one of the world’s leading innovators in materials science. For more than 165 years, Corning has applied its unparalleled expertise in glass science, ceramic
science, and optical physics to develop products and processes that have transformed industries and enhanced
people’s lives.
Founded:
1851
Headquarters:
Corning, New York
Employees:
>50,000 worldwide
2018 Core Sales:
$11.4 billion (at rate of 107 ¥/$)
Fortune 500 Ranking (2019):
279
Specialty MaterialsEnvironmental Technologies
Display Technologies
Optical Communications Life Sciences
Business Segments That Lead Growth Industries
© 2019 Corning Incorporated
Corning’s Business Continuity Office (BCO)
• Part of Global Security’s Risk and Resiliency Practice
• 3 FTEs, Center of Excellence approach• Tools, templates, standards
• Consultative guidance
• The BCO supports Corning in proactive planning (business continuity) and response (event or crisis management)
• Corning has adopted the ISO 22301 Business Continuity Framework to guide our business continuity program efforts across the enterprise• Focus on our capability to continue the delivery of products or services to
acceptable, pre-defined levels following a disruptive incident
Differences in Drivers
• Driven by regulatory requirements
• Compliance is driven from the top down
• Frameworks established and well formalized, including ISO 22301
• Championed by a passionate senior leader
• May be driven by customers and/or dependence on suppliers
• Program success requires winning the “hearts and minds” of operational leadership
• Must be driven by capabilities developed, will fail if a “check the box” exercise
Highly regulated industries Less/non-regulated industries
Turning ISO requirements into outcomes
Program Governance
•Steering Committee
•Charter
•Program Manager
•Kick-off
Define Requirements
•Business Impact Analyses (BIAs)
•Risk assessment
ID and Select Strategies
•How do we prepare?
•How will we operate differently?
•How will we recover from loss scenarios?
Document Plans
•Response, recovery and communication strategies
Training and Testing
•How do we respond?
•Test to validate strategies
What has this required organizationally?
• Sponsorship from key councils
• Strong partnerships with other corporate functions• IT – supporting systems info for disaster recovery and system availability
• Global Supply Management – materials sourcing, procurement, logistics, etc.
• Global Insurance – property risk assessments
• Flexibility to meet each business unit’s unique needs while still aligning with the ISO standard
• Great change management practices – ID key stakeholders (supporters AND resistors) and keep them engaged appropriately
Practical application – how does it look/feel?
• Demystify “business continuity”
• Simplify it
• Understand what’s helpful to the business
Demystify “business continuity”
Business continuity is the ongoing process of:
• Understanding resources required to do business in a normal state
• Knowing how to respond to a disruption when it occurs and how to do business differently
• Eliminating or reducing potential for disruption
Recommendations:
• Distinguish business continuity from emergency or crisis management
• Prepare a business continuity “elevator speech”
• Practical, uncomplicated examples
Disneyland Hong Kong (Aug. 2019)
How they did business differently (my POV):
1. Ensure safety of guests and cast members
2. Optimize guest experience
3. Protect revenue generation
Simplify it
• Link the business continuity program to crisis management and other risk management processes
• Know when to dig deep and when not to
• Focus on loss scenarios – “what if” planning
• Be upfront about what the process is intended to do – the value is in getting business leadership on the same page about risk and recovery and improving resilience
Everything must be made as simple as possible.
But not simpler.
Albert Einstein
Pitfalls to avoid
• Boiling the ocean – not all products and services are strategically important
• Drawing hasty conclusions
• Not getting alignment with the right levels of leadership
• “Check the box” activities instead of improved capabilities
Understand what’s helpful to the business
• Help them understand the linkage between technology dependencies and business processes (IT disaster recovery)
• If there are particular investments the business is considering, can you use the BIA or risk assessment process to aid in their process?
• Compliance to business continuity requirements in industry-specific standards
• Confidently address customer inquiries on continuity of operations and supply assurance
• Shared understanding of dependencies and risk
• A path forward and a framework to sustain it
Questions?
• Kate Chadwick-JohnsonCorning Incorporated
If you provide me your business card, I can share the presentation
Always eager to benchmark practices with other organizations
• Terry KaminskiAvalution Consulting