1

Continuity and Resilience (CORE)ISO 22301 BCM Consulting FirmPresentations by speakers at the

4th India Business & IT Resilience Summit 7th October, 2016 | Hotel Hilton, Mumbai India

Our Contact Details:

INDIA UAE

Continuity and ResilienceLevel 15,Eros Corporate TowerNehru Place ,New Delhi-110019

Tel: +91 11 41055534/ +91 11 41613033Fax: ++91 11 41055535

Email: ms@continuityandresilience.com

Continuity and ResilienceP. O. Box 127557

Abu Dhabi, United Arab EmiratesMobile:+971 50 8460530

Tel: +971 2 8152831 Fax: +971 2 8152888

Email: info@continuityandresilience.com

2

BCM integration with EHS, Crisis Management and Emergency Response .

3

Speaker’s Profile

•Lead Assessor / Trainer for BS25999, SS540, ISO22301, ISO31000 and BRA : CBCI, AMBCI

•35 years of industry experience (Unilever, Johnson & Johnson, Boots and RPG)

• More than 14 years of auditing and training experience (DNV. BSI and Intertek)

• Industry Personality of the Year 2009 for 1st BCI Continuity & Resilience Awards India

• Lifetime Achievement 2011 in BCM by BCI Asia Business Continuity Awards Singapore

4

The BCM Standard ISO 22301:2012

ISO 22301 is the first management standard that fully integrates ISO/Guide 83, "High level structure and identical text for management system standards and common core management system terms and definitions"

ISO 22301 addresses the problem of management of integrated systems and the interfaces between different management systems.

5

ISO 22301 and the PDCA approach

Stakeholders andInterested Parties

BCM Requirements and Expectations

Stakeholders andInterested Parties

Managed BusinessContinuity

Continual improvement of BCMS

6

ISO 22301:2012 and PDCA activities

Plan Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to managing risk and improving business continuity to deliver results in accordance with an organization's overall policies and objectives.

Do Implement and operate the business continuity policy, controls, processes and procedures.

Check Monitor and review performance against business continuity objectives and policy, report the results to management for review, and determine and authorize actions for remediation and improvement.

Act Maintain and improve the BCMS by taking preventive and corrective actions, based on the results of management review and re-appraising the scope of the BCMS and business continuity policy and objectives.

7

ISO 22301:2012 consistency with other management standards. Integrated implementation & operation

PDCA approach ensures degree of consistency with:

• ISO 9001:2015 – Quality management systems – Requirements

• ISO 14001:2015 – Environmental management systems — Requirements with guidance for use

• DIS ISO 45001- OH&S management systems

• ISO 27001:2013 – Information technology - Security techniques - Information security management systems – Requirements

• ISO 22320:2011 - Societal security — Emergency management — Requirements for incident response

• BS 11200:2014 Crisis Management – Guidance and Good Practice

8

Management System key components

•A policy

•People with defined responsibilities

•Management processes relating to:

• Policy

• Planning

• Implementation and operation

• Performance assessment

• Management review and

• Improvement

9

Incident preparedness and operational (business) continuity management (IPOCM) - ISO/PAS 22399

10

Within minutes to days:

• Contact staff, customers, suppliers, etc.

• Recovery of critical business processes

• Rebuild lost work-in-progress

Within minutes to hours:

• Staff and visitors accounted for

• Casualties dealt with

• Damage containment/ limitation

• Damage assessment

• Invocation of BCP

Sequence of Events of an Incident

Within weeks to months:

• Damage repair/replacement

• Relocation to permanent place of work

• Recovery of costs from insurers

Timeline

Incident!

Incident Response

Business continuity

Recovery/resumption – back to normal

Overall recovery objective: back-to-normal as quickly as possible

11

Chennai Rains & Floods - Observations and Key Learnings -

19th March, 2016

12

Duration of Incident & Impact

• Torrential rains in Chennai ( Major 3 spells) durations;

15th to 18th Nov'15,

23rd and 24th Nov'15,

1st to 7th Dec'15 resulting in flooding across the city.

• Major Impacts;

Most of the locations across the city were submerged in water

People and staff had difficulty to commute to & from office / home (people were stuck either in office or at home due to water logging, lack of transportation, safety & health)

Overflowing of lakes and water bodies added to the damages including some key bridges & subways

Closure of Airports, Trains and Road ways

Prolonged mobile network failure by multiple telecom providersSimultaneous failure of both communication network links (primary and Secondary) by

multiple telecom providers

12 12

13

Some BCM Textbook Actions in this situation

On-ground situation assessment

Crisis Management Team (CMT) call activated

Multiple call were taken daily during this period to gauge the situation and take appropriate steps to ensure safety of staff and continuation of business in BCP Mode.

Ensuring critical staffs are accommodated in nearby hotels and in office.

Additional arrangements for food. Water and other basic amenities.

Deploying of High rise vehicles to ferry / pickup staff from water logged low lying areas.

Stretching of working timing.

Constant monitoring of situation and weather and making preparations accordingly.

Regular Communication sent to Senior Management, Internal and external stake holders updating them on the ground situation and working capabilities of departments.

13 13

14

Some BCM Textbook Actions in this situation (Cont.)

Continuing the business in bcp mode using multiple bcp strategies such as;

Activity transfer to other city / country

Critical staff present extending their work time

Staff reaching office closure to their home and working.

Working form home.

Alternate / Manual workaround

Continuous coordination with building management to ensure

Diesel for generators are replenish regularly as state power was switched off.

Water logged near office gates was pumped out.

Transport vendor providing necessary support

IT coordinating with Telecom vendors to ensure that network link and mobile services which were disconnected are restored and ensuring that network links which were already up are maintained and not deactivated.

Provide use of Wi-Fi for calling .

Additional care and safety of staff, especially women staff.

Ensure staff has reached home safely by activating the call tree.

14

15

Potential Learnings from this situation

Staff to keep extra pair of clothes during monsoon

Keep adequate stock of food, dry snacks, drinking water

Immediate Booking of nearby hotel rooms. Identify Hotels, Service apartments, guest houses around office areas which can be engaged within short

notice. Procure adequate number of sleeping bags, bedsheets.

Facilities for shower, changing etc Arrangement with transport vendors to provide high rise vehicles. Have a pre-defined template to communicated with stakeholders, staff, media

Have appropriate notification tool, hotline number for communication with staff.Ensure electrical power supply rooms and generator rooms are installed on higher levels and not in

basements.Strategy to work from home if possible.

Unavailability of staff key staff due to personal exigencies, wanting to stay with family, unable to travel to work place.

Clarity of weather the staff should come or not in office – flexibility in leave policy.

15 15

16

Potential Learnings from this situation (Cont.)

Call tree list to have land line as alternate numbers where possible.

Office to have landline which can work even when IP phones are down.

BIA and BC Plans to have exact strategy on number of staff who can work from home, staff who can work in split team etc

List of critical staff and back up staff.

16 16

17

Any Questions?

17 17

Thank You