bcm integration with ehs, crisis management and emergency response
TRANSCRIPT
1
Continuity and Resilience (CORE)ISO 22301 BCM Consulting FirmPresentations by speakers at the
4th India Business & IT Resilience Summit 7th October, 2016 | Hotel Hilton, Mumbai India
Our Contact Details:
INDIA UAE
Continuity and ResilienceLevel 15,Eros Corporate TowerNehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033Fax: ++91 11 41055535
Email: [email protected]
Continuity and ResilienceP. O. Box 127557
Abu Dhabi, United Arab EmiratesMobile:+971 50 8460530
Tel: +971 2 8152831 Fax: +971 2 8152888
Email: [email protected]
2
BCM integration with EHS, Crisis Management and Emergency Response .
3
Speaker’s Profile
•Lead Assessor / Trainer for BS25999, SS540, ISO22301, ISO31000 and BRA : CBCI, AMBCI
•35 years of industry experience (Unilever, Johnson & Johnson, Boots and RPG)
• More than 14 years of auditing and training experience (DNV. BSI and Intertek)
• Industry Personality of the Year 2009 for 1st BCI Continuity & Resilience Awards India
• Lifetime Achievement 2011 in BCM by BCI Asia Business Continuity Awards Singapore
4
The BCM Standard ISO 22301:2012
ISO 22301 is the first management standard that fully integrates ISO/Guide 83, "High level structure and identical text for management system standards and common core management system terms and definitions"
ISO 22301 addresses the problem of management of integrated systems and the interfaces between different management systems.
5
ISO 22301 and the PDCA approach
Stakeholders andInterested Parties
BCM Requirements and Expectations
Stakeholders andInterested Parties
Managed BusinessContinuity
Continual improvement of BCMS
6
ISO 22301:2012 and PDCA activities
Plan Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to managing risk and improving business continuity to deliver results in accordance with an organization's overall policies and objectives.
Do Implement and operate the business continuity policy, controls, processes and procedures.
Check Monitor and review performance against business continuity objectives and policy, report the results to management for review, and determine and authorize actions for remediation and improvement.
Act Maintain and improve the BCMS by taking preventive and corrective actions, based on the results of management review and re-appraising the scope of the BCMS and business continuity policy and objectives.
7
ISO 22301:2012 consistency with other management standards. Integrated implementation & operation
PDCA approach ensures degree of consistency with:
• ISO 9001:2015 – Quality management systems – Requirements
• ISO 14001:2015 – Environmental management systems — Requirements with guidance for use
• DIS ISO 45001- OH&S management systems
• ISO 27001:2013 – Information technology - Security techniques - Information security management systems – Requirements
• ISO 22320:2011 - Societal security — Emergency management — Requirements for incident response
• BS 11200:2014 Crisis Management – Guidance and Good Practice
8
Management System key components
•A policy
•People with defined responsibilities
•Management processes relating to:
• Policy
• Planning
• Implementation and operation
• Performance assessment
• Management review and
• Improvement
9
Incident preparedness and operational (business) continuity management (IPOCM) - ISO/PAS 22399
10
Within minutes to days:
• Contact staff, customers, suppliers, etc.
• Recovery of critical business processes
• Rebuild lost work-in-progress
Within minutes to hours:
• Staff and visitors accounted for
• Casualties dealt with
• Damage containment/ limitation
• Damage assessment
• Invocation of BCP
Sequence of Events of an Incident
Within weeks to months:
• Damage repair/replacement
• Relocation to permanent place of work
• Recovery of costs from insurers
Timeline
Incident!
Incident Response
Business continuity
Recovery/resumption – back to normal
Overall recovery objective: back-to-normal as quickly as possible
11
Chennai Rains & Floods - Observations and Key Learnings -
19th March, 2016
12
Duration of Incident & Impact
• Torrential rains in Chennai ( Major 3 spells) durations;
15th to 18th Nov'15,
23rd and 24th Nov'15,
1st to 7th Dec'15 resulting in flooding across the city.
• Major Impacts;
Most of the locations across the city were submerged in water
People and staff had difficulty to commute to & from office / home (people were stuck either in office or at home due to water logging, lack of transportation, safety & health)
Overflowing of lakes and water bodies added to the damages including some key bridges & subways
Closure of Airports, Trains and Road ways
Prolonged mobile network failure by multiple telecom providersSimultaneous failure of both communication network links (primary and Secondary) by
multiple telecom providers
12 12
13
Some BCM Textbook Actions in this situation
On-ground situation assessment
Crisis Management Team (CMT) call activated
Multiple call were taken daily during this period to gauge the situation and take appropriate steps to ensure safety of staff and continuation of business in BCP Mode.
Ensuring critical staffs are accommodated in nearby hotels and in office.
Additional arrangements for food. Water and other basic amenities.
Deploying of High rise vehicles to ferry / pickup staff from water logged low lying areas.
Stretching of working timing.
Constant monitoring of situation and weather and making preparations accordingly.
Regular Communication sent to Senior Management, Internal and external stake holders updating them on the ground situation and working capabilities of departments.
13 13
14
Some BCM Textbook Actions in this situation (Cont.)
Continuing the business in bcp mode using multiple bcp strategies such as;
Activity transfer to other city / country
Critical staff present extending their work time
Staff reaching office closure to their home and working.
Working form home.
Alternate / Manual workaround
Continuous coordination with building management to ensure
Diesel for generators are replenish regularly as state power was switched off.
Water logged near office gates was pumped out.
Transport vendor providing necessary support
IT coordinating with Telecom vendors to ensure that network link and mobile services which were disconnected are restored and ensuring that network links which were already up are maintained and not deactivated.
Provide use of Wi-Fi for calling .
Additional care and safety of staff, especially women staff.
Ensure staff has reached home safely by activating the call tree.
14
15
Potential Learnings from this situation
Staff to keep extra pair of clothes during monsoon
Keep adequate stock of food, dry snacks, drinking water
Immediate Booking of nearby hotel rooms. Identify Hotels, Service apartments, guest houses around office areas which can be engaged within short
notice. Procure adequate number of sleeping bags, bedsheets.
Facilities for shower, changing etc Arrangement with transport vendors to provide high rise vehicles. Have a pre-defined template to communicated with stakeholders, staff, media
Have appropriate notification tool, hotline number for communication with staff.Ensure electrical power supply rooms and generator rooms are installed on higher levels and not in
basements.Strategy to work from home if possible.
Unavailability of staff key staff due to personal exigencies, wanting to stay with family, unable to travel to work place.
Clarity of weather the staff should come or not in office – flexibility in leave policy.
15 15
16
Potential Learnings from this situation (Cont.)
Call tree list to have land line as alternate numbers where possible.
Office to have landline which can work even when IP phones are down.
BIA and BC Plans to have exact strategy on number of staff who can work from home, staff who can work in split team etc
List of critical staff and back up staff.
16 16
17
Any Questions?
17 17
Thank You