1. customer profile
International Container
Terminal Services, Inc.
Leading container terminal operator enhances
its business resilience through sound business
continuity planning
International Container Terminal Services, Inc. (ICTSI) is in the business of acquiring, developing,
managing, and operating container ports and terminals worldwide. As ICTSI’s flagship division, the
Manila International Container Terminal (MICT) is the largest container port terminal in the Philippines.
A significant adverse incident at MICT can have far reaching consequences for ICTSI and its reputation
for managing ports around the world. More importantly, it can have a significant impact on the econ-
omy of the Philippines, as MICT is a major supply chain hub for the whole nation. It was therefore
imperative to implement or improve contingency plans and business continuity capabilities at MICT
to address such adverse incidents. ICTSI commissioned EMC®
Consulting to assist in this initiative.
At the outset, EMC consultants set the boundaries right in terms of the overlapping and often-times
confusing disciplines such as business continuity and disaster recovery. Many professionals confuse
these terms and use them interchangeably even though they are different, albeit related, concepts.
Business continuity management is about studying business processes and how to enhance their
resilience in a crisis. It comprises a holistic plan for rapidly resuming mission-critical activities in
the event of a crisis or disruption. Disaster recovery planning, on the other hand, is about increasing
the resilience of information technology (IT). Each has a different emphasis—something that is often
not clearly understood in the industry.
Auditing and establishing a business continuity baseline
Once the scope and boundaries of business continuance and disaster recovery were clearly estab-
lished, EMC Consulting was commissioned to conduct an audit of ICTSI’s current business continuity
capabilities. A parallel disaster recovery technology implementation initiative was already underway,
and ICTSI was already writing their disaster recovery plan and procedure to support the technology.
They wanted to go beyond IT and study the resilience of their business processes.
The business continuity audit had the following objectives:
• To inform ICTSI’s management of their current business continuity readiness
• To establish a baseline from which further enhancements could be benchmarked against
• To document a gap analysis report identifying weakness in business continuity capabilities
• To provide a roadmap of prioritized recommendations on how to move toward a world-class
business continuity capability
As an auditing and rating tool, EMC consultants used the Business Continuity Maturity Model®
or
BCMM®
by Virtual Corporation, New Jersey. This model provided an objective, quantifiable, and
repeatable rating model for ICTSI’s BCM program.
The BCMM is a six-level model that assists organizations in evaluating their resilience by asking a
comprehensive set of questions. The answers to the questions contribute to scores in eight character-
istics of a successful business continuity management program. The assessment scores can be used
to obtain executive support, increase business continuity awareness, and quantify improvements
in the business continuity program.
2. Using the BCMM, EMC’s consultants conducted detailed interviews and surveys of several key
business leaders in ICTSI on various aspects of business resilience. Inconsistencies in data were
closely studied and re-visited. The audit was completed on time in four weeks. A scorecard was
generated from the exercise rating the various competencies and attributes of a successful BCM
program and how ICTSI scored in each of these areas. EMC consultants wrote a report interpreting
the scores with a list of prioritized recommendations on how to improve business resilience.
“The scorecard and report gave our senior management a bird’s eye view of where we stood,”
said Ms. Catherine Orellano, Information Technology Systems and Services (ITSS) Manager at MICT.
“We actually scored very well in certain areas like security and emergency response. In some other
areas, we needed improvement. The scorecard provided the baseline and springboard to plan these
improvements. From a list of areas to work on, our management chose development of Departmental
Recovery Plans as our top priority.”
An initial in-house, do-it-yourself effort whereby all departments drafted their own departmental
recovery plans met with limited success. The output from each department was not standardized
and varied significantly in scope and functionality. EMC business continuity consultants were called
in again to assist.
The pilot project involved EMC Consulting working on two pilot departments and, in the process,
training ICTSI staff to roll out the program to the other departments. The project activities involved
conducting a Business Impact Analysis (BIA), business continuity strategy plan, and finally, building
the recovery plan and procedures for each department.
Conducting a Business Impact Analysis and formulating a business
continuity strategy
During the BIA stage, recovery time objective (RTO) values were analyzed and calculated for each
business function within the two departments studied. These RTO values showed how quickly a
particular function had to be recovered after a stoppage in order to minimize major losses to the
business. The BIA also identified business functions that were not critical and could be suspended
during a period of crisis, thereby relieving pressure and focusing resources on mission-critical
activities (MCA). The business RTO values derived also permitted a cross-check on the existing
technology RTO values to ensure technology RTOs supported business RTOs.
Once the RTOs were worked out, EMC wrote a business continuity strategy paper that discussed
how continuity could be enhanced at various levels of the organization—at the level of the holding
company (ICTSI), at MICT, and at grass-root departmental levels.
Developing a gold standard for departmental plans
Once the strategy was accepted, it was time to write the detailed departmental plans, which included
step-by-step procedures and supporting information. To maintain consistency, EMC proposed a draft
departmental plan document to be used as a “gold standard” for departmental plans for the whole
company. By following this “gold standard,” all departments would have a standardized way of
writing plans. For example, section 3.2 of the departmental plan for department A would contain
the “roles and responsibilities” of the recovery teams in that department, while the same section
in department B’s plans would cover the same topic. Such standardization meant ease of use of the
plan from a developer, auditor, and management point of view.
“Feedback from business continuity managers involved in actual
disasters revealed that increasing complexity in plans made
them less useful in a crisis. EMC Consulting embarked on a
mission to create a plan that was neither too complex to be
pragmatic, nor too simplistic to be useless. We believe they
achieved this delicate balance.”
Vice President and MICT General Manager