Business Continuity Management: Only an

Elusive Goal for Companies or Reality in

Making?

Corrado Zana CBCP MBCI

BCManager

Consiglio Direttivo:

Corrado Zana

(Presidente)

Lucio Silvio Casati

(Segretario)

Luca Laghi

(Consigliere)

Corradino Corradi

(Consigliere)

Francesco Lambiase

(Tesoriere)

Marco Lombardi

(Consigliere)

Fondatori (2005):

Corrado Zana

Lucio Silvio Casati

Luca Laghi

Corradino Corradi

Giuseppe Femia

Francesco Lambiase

Alberto Viano

Luca Ruini

L’associazione BCManager è finalizzata alla promozione della conoscenza della disciplina del Business

Continuity Management e delle discipline a questa collegate quali Crisis Management e Risk Management.

BCManager si prefigge:

• Di divenire interlocutore privilegiato del mondo economico, stabilendo rapporti con le sue realtà più

rappresentative, quali associazioni di categoria, camere di commercio, enti pubblici, organismi di vigilanza;

• Lo sviluppo e consolidamento di rapporti con Associazioni italiane aventi come scopo la diffusione della cultura

della Sicurezza & Prevenzione Rischi e del Risk Management;

• Lo sviluppo e consolidamento di rapporti con Associazioni analoghe all’estero, in particolare nel mondo

anglosassone;

• Incoraggiare lo sviluppo delle relazioni personali allo scopo di favorire lo scambio delle esperienze professionali

tra i Soci;

• L'incremento della conoscenza delle caratteristiche e finalità del Business Continuity Management presso le

Istituzioni, i media, le Aziende, la Scuola, l’Università ed il mondo accademico in generale attraverso scambi

culturali, visite, manifestazioni congiunte ed incontri di approfondimento;

• L'organizzazione di convegni, tavole rotonde, corsi di formazione ed aggiornamento destinati a soci e affiliati;

• La raccolta e la redazione ex-novo di principi, regole, standard nazionali ed internazionali, letteratura nonché la

costituzione di un centro di documentazione inerente la disciplina del Business Continuità Management;

• L’edizione su carta, CD o altri supporti informatici, attraverso Internet e su altri media, di testi riportanti esperienze

internazionali, "loss lessons", nuove metodologie ed approcci significativi, osservazioni, contributi ed

approfondimenti individuati dall'Associazione quali meritevoli di diffusione;

• L'organizzazione di borse di studio

Comunità di circa 100 professionisti

Sito www.bcmanager.it

BCM is ”..an Holistic management

process that identifies potential threats

to an organisation and the impacts to

business operations that those threats,

if realized, might cause, and which

provides a framework for building

organizational resilience with the

capability for an effective response that

safeguards the interests of its key

stakeholders, reputation, brand and

value-creating activities”

British Standard Institute BS25999-2

Business Continuity Management at a glance

Objectives and International Standards

BCM program key objectives:

• Mitigate consequences of serious accidents

• Secure cash-flow

• Protect market share and brand value

• Comply with external requirements

Why Business Continuity Management ?

Because things happen…

•Legal/Compliance Risks arising from violations of compliance with laws and regulations

(i.e. data retention). Loss or destruction of customer information (i.e. personal data) can also raise potential

risks from third party claims. Failure to meet SLAs requirements with customers regarding service

availability may result to significant lawsuits.

• Financial Stability Risks arise through unavailability of delivered products & services

towards the organization’s customers. Such risks may lead to major financial losses having impact directly

or indirectly on the financial stability of the organization, causing thus a failure to achieve stated goals and

financial objectives.

• Reputation and Loss of Customer Confidence are the most

important risks to quantify and mitigate. Such risks lead to the damage to the organization’s reputation, an

intangible but important asset. Will customers and / or other companies cooperate with a company once

they read in the paper that a company’s service quality is low or service delivery is regularly interrupted?

Will top employees remain at a company so reputably damaged? And, what will be the reaction of the

company’s shareholders? What is the expected loss of future business revenue? What is the expected

loss of market capitalization?

Why Business Continuity Management ?Top 3 drivers

Management

•Corporate Governance (transparency and social responsibility)

•Giving evidence of a proper risk control and sustainable growth

•Duty of care in protecting physical assets and operations

•Competitive Advantage: we are reliable in any circumstance!

•Enables a clearer understanding of how your entire organization works

which can identify opportunities for improvement

•Compliance with applicable national/international laws and codes

Stakeholders

•Employees: protecting health and safety; assuring their earnings

•Customers: quality and reliability of service offering

•Media: assure proper media management and communication flow

•Communities: providing support during national or international

emergencies

•Authorities having jurisdiction: compliance with requirements

Shareholders

•Protecting the enterprise value and investor confidence

•Protecting brand and corporate image

•Protecting market presence

•Cash flow and share price protection

•Reduce Total Cost of Risk (Insurance transfer)

Why Business Continuity Management?

Benefits and Drivers from different angles

Why Business Continuity Management?

Loss experiences

Shareholder value in the 6

months following a severe loss (Source: D Pretty – Oxford Metrica)

8% survive

12% fail within 5 years

40% never re-open

40% fail within 18 months

Companies hit by a major

crisis but not provided

with a reliable BCM

System:

Develop a set of credible, discrete business performance

measures (KPIs) and availability risk indicators that directly

impact those business performance measures

• Mapping availability key

performance indicators

(KPIs) to key risk indicators

(KRIs) provides business

managers with the

availability risk information

they need in order to make

the needed investments,

financial and workforce, for

building effective BCM and

BRM programs

Business Continuity Management value argumentation

Get Management Commitment through KPI and KRI

UnderstandBusiness

Define KPI Define KRI

KPI KRI

Customer

Experience

Customer

Experience

Customer

Experience

Customers

impacted

by outages

Actual Planned DesiredGap

Business Continuity Management

IT BC/DR ‘comfort zone’ as starting point

DR/BC as key Technology priority

in 2010 at Global level

More than 60 % of business

processes to be recovered within 24

hours (RTO)

Business Continuity Management : Market Trends (Gartner)BCM Manager role to be extended and reinforced

Resiliency Index

SCR process started

from identification of

Few Products bringing

the highest margin

Supply Chain Reliability & BCM – Best Practice

Supply chain risk management (SCRM) is a critical discipline within business

continuity management (BCM) that many companies, particularly manufacturing

firms, fail to perform well.

Cisco's value chain risk management

program is built around four major

functional disciplines:

•BCP

•Crisis management

•Product resiliency

•Supply chain resiliency

Defined for each key

product and supplier

Supply Chain Risk Management: Case Study

March 2000, Philips fire…and Nokia reaction: a textbook case

Business Continuity Manager

…a key resource in CFO area. May I disagree?

BC Manager profile:

• Certified Professional by

DRII, BCI or ISEB

• PM back-ground

• IT/Infosec competence

• Facilitator not owner

Thank youCorrado.Zana@nsn.com