Empowering Local Government Frontline Services - Mo Baines.pdf
BCM integration with EHS, Crisis Management and Emergency Response .
1. 1
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
4th
India Business & IT Resilience Summit
7th
October, 2016 | Hotel Hilton, Mumbai India
Our Contact Details:
INDIA UAE
Continuity and Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019
Tel: +91 11 41055534/ +91 11 41613033
Fax: ++91 11 41055535
Email: ms@continuityandresilience.com
Continuity and Resilience
P. O. Box 127557
Abu Dhabi, United Arab Emirates
Mobile:+971 50 8460530
Tel: +971 2 8152831
Fax: +971 2 8152888
Email: info@continuityandresilience.com
3. 3
Speaker’s Profile
•Lead Assessor / Trainer for BS25999, SS540, ISO22301,
ISO31000 and BRA : CBCI, AMBCI
•35 years of industry experience (Unilever, Johnson &
Johnson, Boots and RPG)
• More than 14 years of auditing and training experience
(DNV. BSI and Intertek)
• Industry Personality of the Year 2009 for
1st BCI Continuity & Resilience Awards India
• Lifetime Achievement 2011 in BCM by
BCI Asia Business Continuity Awards Singapore
4. 4
The BCM Standard ISO 22301:2012
ISO 22301 is the first management standard
that fully integrates ISO/Guide 83, "High level
structure and identical text for management
system standards and common core
management system terms and definitions"
ISO 22301 addresses the problem of
management of integrated systems and the
interfaces between different management
systems.
5. 5
ISO 22301 and the PDCA approach
Stakeholders and
Interested Parties
BCM Requirements
and Expectations
Stakeholders and
Interested Parties
Managed Business
Continuity
Continual improvement of BCMS
6. 6
ISO 22301:2012 and PDCA activities
Plan Establish business continuity policy, objectives, targets,
controls, processes and procedures relevant to managing
risk and improving business continuity to deliver results in
accordance with an organization's overall policies and
objectives.
Do Implement and operate the business continuity policy,
controls, processes and procedures.
Check Monitor and review performance against business continuity
objectives and policy, report the results to management for
review, and determine and authorize actions for remediation
and improvement.
Act Maintain and improve the BCMS by taking preventive and
corrective actions, based on the results of management
review and re-appraising the scope of the BCMS and
business continuity policy and objectives.
7. 7
ISO 22301:2012 consistency with other management
standards. Integrated implementation & operation
PDCA approach ensures degree of consistency with:
•ISO 9001:2015 – Quality management systems –
Requirements
•ISO 14001:2015 – Environmental management systems —
Requirements with guidance for use
•DIS ISO 45001- OH&S management systems
•ISO 27001:2013 – Information technology - Security
techniques - Information security management systems –
Requirements
•ISO 22320:2011 - Societal security — Emergency
management — Requirements for incident response
•BS 11200:2014 Crisis Management – Guidance and Good
8. 8
Management System key components
•A policy
•People with defined responsibilities
•Management processes relating to:
• Policy
• Planning
• Implementation and operation
• Performance assessment
• Management review and
• Improvement
10. 10
Within minutes to days:
• Contact staff, customers,
suppliers, etc.
• Recovery of critical business
processes
• Rebuild lost work-in-progress
Within minutes to hours:
• Staff and visitors
accounted for
• Casualties dealt with
• Damage containment/
limitation
• Damage assessment
• Invocation of BCP
Sequence of Events of an Incident
Within weeks to months:
• Damage repair/replacement
• Relocation to permanent
place of work
• Recovery of costs from
insurers
TimelineTimeline
Incident!Incident!
Incident ResponseIncident Response
Business continuityBusiness continuity
Recovery/resumption – back to normalRecovery/resumption – back to normal
Overall recovery objective:
back-to-normal as quickly as possible
11. 11
Chennai Rains & Floods -
Observations and Key
Learnings -
19th
March, 2016
12. 12
Duration of Incident & Impact
• Torrential rains in Chennai ( Major 3 spells) durations;
15th to 18th Nov'15,
23rd and 24th Nov'15,
1st to 7th Dec'15 resulting in flooding across the city.
• Major Impacts;
Most of the locations across the city were submerged in water
People and staff had difficulty to commute to & from office / home (people were stuck either
in office or at home due to water logging, lack of transportation, safety & health)
Overflowing of lakes and water bodies added to the damages including some key bridges &
subways
Closure of Airports, Trains and Road ways
Prolonged mobile network failure by multiple telecom providers
Simultaneous failure of both communication network links (primary and Secondary) by
multiple telecom providers
12 12
13. 13
Some BCM Textbook Actions in this situation
On-ground situation assessment
Crisis Management Team (CMT) call activated
Multiple call were taken daily during this period to gauge the situation and take
appropriate steps to ensure safety of staff and continuation of business in BCP Mode.
Ensuring critical staffs are accommodated in nearby hotels and in office.
Additional arrangements for food. Water and other basic amenities.
Deploying of High rise vehicles to ferry / pickup staff from water logged low lying areas.
Stretching of working timing.
Constant monitoring of situation and weather and making preparations accordingly.
Regular Communication sent to Senior Management, Internal and external stake holders
updating them on the ground situation and working capabilities of departments.
13 13
14. 14
Some BCM Textbook Actions in this situation (Cont.)
Continuing the business in bcp mode using multiple bcp strategies such as;
Activity transfer to other city / country
Critical staff present extending their work time
Staff reaching office closure to their home and working.
Working form home.
Alternate / Manual workaround
Continuous coordination with building management to ensure
Diesel for generators are replenish regularly as state power was switched off.
Water logged near office gates was pumped out.
Transport vendor providing necessary support
IT coordinating with Telecom vendors to ensure that network link and mobile services which were
disconnected are restored and ensuring that network links which were already up are maintained and not
deactivated.
Provide use of Wi-Fi for calling .
Additional care and safety of staff, especially women staff.
Ensure staff has reached home safely by activating the call tree.
14
15. 15
Potential Learnings from this situation
Staff to keep extra pair of clothes during monsoon
Keep adequate stock of food, dry snacks, drinking water
Immediate Booking of nearby hotel rooms.
Identify Hotels, Service apartments, guest houses around office areas which can be engaged
within short notice.
Procure adequate number of sleeping bags, bedsheets.
Facilities for shower, changing etc
Arrangement with transport vendors to provide high rise vehicles.
Have a pre-defined template to communicated with stakeholders, staff, media
Have appropriate notification tool, hotline number for communication with staff.
Ensure electrical power supply rooms and generator rooms are installed on higher levels and not
in basements.
Strategy to work from home if possible.
Unavailability of staff key staff due to personal exigencies, wanting to stay with family, unable to
travel to work place.
Clarity of weather the staff should come or not in office – flexibility in leave policy.
15 15
16. 16
Potential Learnings from this situation (Cont.)
Call tree list to have land line as alternate numbers where possible.
Office to have landline which can work even when IP phones are down.
BIA and BC Plans to have exact strategy on number of staff who can work from home,
staff who can work in split team etc
List of critical staff and back up staff.
16 16
Note animation
Have students discuss and predict the sequence of events in a typical incident. Use example of power outage at a distributor organization with a fleet of refrigerator trucks.
Explain that it is possible to map out most incidents as a sequence of three stages (shown above).
Specific activities tend to occur during each of these three stages – but it is notable that in some cases an organization’s activation of incident management, business continuity and business recovery plan may be in rapid succession or simultaneously.
Incident management plan (IMP) for incident response
Business continuity plan (BCP) to recover critical activities and to recover/resume normal business operations