Applying Business Continuity Standards (ISO 22301) in ManufacturingKate Chadwick-Johnson – Corning Incorporated

Terry Kaminski – Avalution Consulting

Background

• Business continuity planning is well established in regulated industries

• Manufacturing and non-regulated industries often rely on other drivers, including customer and leadership mandates, leveraging standards to achieve value

• How did Corning Incorporated apply the ISO 22301 framework to the manufacturing environment successfully?

• Will cover:• Practical application, pitfalls to avoid, what’s valuable to the business

• How to turn the standard’s requirements into beneficial outcomes for the business

© 2019 Corning Incorporated

Corning Incorporated is one of the world’s leading innovators in materials science. For more than 165 years, Corning has applied its unparalleled expertise in glass science, ceramic

science, and optical physics to develop products and processes that have transformed industries and enhanced

people’s lives.

Founded:

1851

Headquarters:

Corning, New York

Employees:

>50,000 worldwide

2018 Core Sales:

$11.4 billion (at rate of 107 ¥/$)

Fortune 500 Ranking (2019):

279

Specialty MaterialsEnvironmental Technologies

Display Technologies

Optical Communications Life Sciences

Business Segments That Lead Growth Industries

© 2019 Corning Incorporated

Corning’s Business Continuity Office (BCO)

• Part of Global Security’s Risk and Resiliency Practice

• 3 FTEs, Center of Excellence approach• Tools, templates, standards

• Consultative guidance

• The BCO supports Corning in proactive planning (business continuity) and response (event or crisis management)

• Corning has adopted the ISO 22301 Business Continuity Framework to guide our business continuity program efforts across the enterprise• Focus on our capability to continue the delivery of products or services to

acceptable, pre-defined levels following a disruptive incident

Differences in Drivers

• Driven by regulatory requirements

• Compliance is driven from the top down

• Frameworks established and well formalized, including ISO 22301

• Championed by a passionate senior leader

• May be driven by customers and/or dependence on suppliers

• Program success requires winning the “hearts and minds” of operational leadership

• Must be driven by capabilities developed, will fail if a “check the box” exercise

Highly regulated industries Less/non-regulated industries

Turning ISO requirements into outcomes

Program Governance

•Steering Committee

•Charter

•Program Manager

•Kick-off

Define Requirements

•Business Impact Analyses (BIAs)

•Risk assessment

ID and Select Strategies

•How do we prepare?

•How will we operate differently?

•How will we recover from loss scenarios?

Document Plans

•Response, recovery and communication strategies

Training and Testing

•How do we respond?

•Test to validate strategies

What has this required organizationally?

• Sponsorship from key councils

• Strong partnerships with other corporate functions• IT – supporting systems info for disaster recovery and system availability

• Global Supply Management – materials sourcing, procurement, logistics, etc.

• Global Insurance – property risk assessments

• Flexibility to meet each business unit’s unique needs while still aligning with the ISO standard

• Great change management practices – ID key stakeholders (supporters AND resistors) and keep them engaged appropriately

Practical application – how does it look/feel?

• Demystify “business continuity”

• Simplify it

• Understand what’s helpful to the business

Demystify “business continuity”

Business continuity is the ongoing process of:

• Understanding resources required to do business in a normal state

• Knowing how to respond to a disruption when it occurs and how to do business differently

• Eliminating or reducing potential for disruption

Recommendations:

• Distinguish business continuity from emergency or crisis management

• Prepare a business continuity “elevator speech”

• Practical, uncomplicated examples

Disneyland Hong Kong (Aug. 2019)

How they did business differently (my POV):

1. Ensure safety of guests and cast members

2. Optimize guest experience

3. Protect revenue generation

Simplify it

• Link the business continuity program to crisis management and other risk management processes

• Know when to dig deep and when not to

• Focus on loss scenarios – “what if” planning

• Be upfront about what the process is intended to do – the value is in getting business leadership on the same page about risk and recovery and improving resilience

Everything must be made as simple as possible.

But not simpler.

Albert Einstein

Pitfalls to avoid

• Boiling the ocean – not all products and services are strategically important

• Drawing hasty conclusions

• Not getting alignment with the right levels of leadership

• “Check the box” activities instead of improved capabilities

Understand what’s helpful to the business

• Help them understand the linkage between technology dependencies and business processes (IT disaster recovery)

• If there are particular investments the business is considering, can you use the BIA or risk assessment process to aid in their process?

• Compliance to business continuity requirements in industry-specific standards

• Confidently address customer inquiries on continuity of operations and supply assurance

• Shared understanding of dependencies and risk

• A path forward and a framework to sustain it

Questions?

• Kate Chadwick-JohnsonCorning Incorporated

chadwickka@corning.com

If you provide me your business card, I can share the presentation

Always eager to benchmark practices with other organizations

• Terry KaminskiAvalution Consulting

terry.kaminski@Avalution.com