2. Business Continuity - Planning
► BCM Definition (BS ISO 22301)
– “holistic management process that identifies potential
threats to an organization and the impacts to business
operations those threats, if realized, might cause, and
which provides a framework for building organizational
resilience with the capability of an effective response
that safeguards the interests of its key stakeholders,
reputation, brand and value-creating activities”
3. Business Continuity - Planning
► Best practice from ISO 22301 – Business Continuity
Management systems
– Keepmoat BCM Policy, Procedures, Plans, Business Impact Analysis
cover critical business functions including supply chain reviewed
through internal audits, desktop tests and live exercises.
– Project Business Continuity Plans set out how continuity of business
will be achieved under various business disruption events including
the Disruption of the Supply of Materials. The Plan will include an
indicative schedule of test and review dates.
– All BCPs are reviewed as part of the Annual Management Review.
6. Business Continuity - Process
► All Hazards Approach to Disruption Events
– Keepmoat adopt an ‘all hazards’ approach addressing the
consequences rather than purely the causes
– BCP linked to Clients’ Civil Emergency Plans to support the plans
for Major Disaster and Civil Emergency.
– Key threat categories include;
Loss of access to Buildings
Environmental inc. external threats
People – key staff and health epidemics
IT – data, network and communications
Combinations of the above
7. Business Continuity - Process
► All Hazards Approach to Disruption Events
Risk Assessment (RA)
Business Impact Analysis (BIA)
Business Continuity Plan (BCP)
Train, Test and Live Exercises
Review&Improve
12. Business Continuity
► Business Continuity Plan
(BCP)
– BCP Objectives
– Roles & Responsibilities
– Key Risks
– Contacts
– Invocation and BC processes
– Tests and exercises’ schedule
– Client Emergency Support
13.
14. Business Continuity - Process
► Test & Exercises’ schedule
– Carried out in accordance with BS
ISO 22398
– Tests verify recovery time
objectives within BCP and test out
crisis scenarios.
– Tests and exercise programmes
based on risk assessment but as
a minimum within:-
3 months desk top tests and
12 months ‘live’ exercises
16. Business Continuity – 4 key threats
► Disruption to IT & Data
► Systems redundancy inherent
in Keepmoat approach
– Co-location of IT infrastructure
– Distributed office locations
► Data security maintenance
► Regular systems testing and
resilience proving
17. Business Continuity – 4 key threats
► Disruption of Time essential Staff
– Succession planning
– Trained deputies
– Temporary delegation of authority
– Prioritised BC support for designated staff
18. Business Continuity – 4 key threats
► Denial of access to office
– Staff work from home using secure IT
– Pre-allocated locations in alternative Keepmoat
offices
– Ability to rapidly move
to serviced offices
19. Business Continuity – 4 key threats
► Disruption of the Supply of Materials
– All Suppliers and Subcontractors are formally approved using stringent, due
diligence processes.
– Alternative suppliers and Subcontractors available
– Robust specifications for supplier materials ensure that client
requirements are met for each project.
– Keepmoat carry out quality audits on supply chain processes and
individual companies to test robustness of supply including assessing
their business continuity plans.
– Supply Chain will be analysed and assessed in accordance with
standard PD 25222 using tests and live exercises