Supply Chain Related Standards for Increasing Resilience

Supply Chain Related Standards
1. ISO 31000: Risk Management
2. PD 25222: Supply Chain Continuity
3. ISO 28000: Supply Chain Security Management
©2012 ICOR ALL RIGHTS RESERVED
BCM 5000.1.2
ISO 31000 Risk Management Standard
A risk assessment is performed when
management needs to understand the
organization’s exposure to loss and its
vulnerabilities.
The purpose of risk management (RM) is to reduce
the impact of the risks and exposures identified
in the risk assessment (RA).
It is impossible to identify all threats, and
estimates of probability are often
guesswork.
Risk Management Outcomes
Identification and documentation of:
Single points of failure
Prioritized list of threats to the organization or to
the specific business processes analyzed
Information for a risk control management
strategy and action plan for risks to be
addressed
Documented acceptance of identified risks that
are not to be addressed
Management of Risk Increases Resilience
Increases the likelihood of achieving objectives;
More aware of the need to identify and treat risk throughout the
organization;
Improves the identification of opportunities and threats;
Complies with relevant legal and regulatory requirements and
international norms;
Improves mandatory and voluntary reporting and governance;
Establishes a reliable basis for decision making and planning;
Improves controls;
Effectively allocates and uses resources for risk treatment;
Improves operational effectiveness and efficiency;
Enhances health and safety performance, as well as environmental
protection;
Improves loss prevention and incident management;
Minimizes losses; and
Increases organizational resilience.
ISO 31000
Framework for Managing Risk
Risk Management Process
ISO 31000 Risk Management Process
1. What may happen, and why?
2. What are the consequences?
3. What is the probability?
4. How can the risk be mitigated, or its probability reduced?
Drivers of Risk Management
According to this graphic by
the Institute for Risk
Management (IRM), Supply
Chain Risk Management falls
under the category of
managing external
Infrastructure Risks.
It would be one aspect of the
organization’s overall risk
management strategy.
ISO 31000
Risk Assessment Techniques
Risk Description
Risk Management Assignments
PD 25222: 2011
Business Continuity Management –
Guidance on Supply Chain Continuity
Goal: Obtaining assurance of suppliers’
own continuity arrangements.
Audience: supply and procurement functions
Focus on key suppliers & dependence
on key customers
Use of a risk-based approach
Promotes the Classification of Suppliers
Uses a “tier” approach:
Tier 1: direct contractual relationship with the organization
Tier 2: supplies products and services to a tier 1 supplier
Tier 3: supplies to a tier 2 supplier
Scope of Standard
(Figure: the organization’s critical activities at the centre, with its customers on one side and its suppliers and the supplies they provide on the other.)
Potential Types of Supplier Relationships
Recurring product/service suppliers:
Providing components, raw materials,
financing, property rental, essential fixed
asset maintenance, etc.
One-off or infrequent product/service
suppliers: Perhaps to provide a new piece
of capital equipment.
Potential Types of Supplier Relationships
Outsourced or contracted out: off-site
service or business process providers, such
as a payroll bureau, IT services, a contact
centre, logistics or distribution.
Strategic partners: Such as franchises,
distributors and joint ventures.
Cooperative relationships or
interdependencies between suppliers.
Supply Chain Relationship Impact Factors
People: personal relationships;
Formal agreements: contracts, work orders,
service level agreements, operating level
agreements, etc.;
Information: electronic or paper; purchase orders,
design specifications;
Processes: workflow; product/service creation and
delivery;
Infrastructure: transportation systems, Internet;
Culture: business networks, trading relationships;
Environment: political, meteorological, economic
(e.g. foreign exchange rates), etc.
Supplier & Contract Lifecycle
Who Owns the Risk?
The organization owns the risk and must
manage supply chain risk and respond to
supply chain interruptions
Supply Chain Continuity Management
The key benefit of effective supply chain
continuity management is that the results of
supply chain mapping give a better
understanding of where and how to
improve the organization’s supplier
management, which should increase
efficiency and reduce both the likelihood
and the impact of supply chain
disruptions.
Challenges
1. Scale and complexity of the supply chain
2. Distance and visibility of suppliers
3. Existing contractual relationships
4. Lack of a structured approach
5. Lack of a business case
6. Lack of embedded responsibility across
stakeholder functions
Challenges
7. Striking a balance between the expense of risk
reduction and short-term financial rewards
8. Differences in risk tolerance/appetite
9. International cultural and legal differences
10. Lack of power for smaller suppliers
11. Obtaining firm and meaningful service
commitments
12. Difficulty identifying indirect impacts
13. Difficulty understanding the full cost of
disruption
Supply Chain Mapping
Impact of Loss of Critical Supplier
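The supply chain mapping, supplier tiering and loss-of-critical-supplier analysis sketched in the preceding slides, as an added example (not ICOR’s material and not part of PD 25222): the supplier network is modelled as requirement groups, suppliers are assigned PD 25222-style tiers by their distance from the critical activities, and each supplier is removed in turn to find single points of failure, including the indirect ones that sit behind apparently redundant tier 1 suppliers. The activities, supplier names and dependency data are constructed for illustration, and the “approved alternates” model of a requirement group is an assumption.

```python
from collections import deque

# Constructed data (hypothetical names). Each entry maps an activity or supplier to
# its requirement groups: every group must be satisfied, and a group is satisfied by
# ANY one of its members (members are approved alternates for the same input).
REQUIREMENTS = {
    "Order fulfilment": [{"PackCo"}, {"HaulFast", "RoadRun"}],  # packaging AND one haulier
    "Payroll": [{"PayBureau"}],
    "PackCo": [{"PulpMill"}],
    "HaulFast": [{"FuelOne"}],
    "RoadRun": [{"FuelOne"}],      # both hauliers depend on the same tier-2 fuel supplier
    "PayBureau": [{"CloudHost"}],
    "PulpMill": [],
    "FuelOne": [],
    "CloudHost": [],
}
CRITICAL_ACTIVITIES = ["Order fulfilment", "Payroll"]


def tier_of_suppliers(requirements, activities):
    """Tier 1 = supplies a critical activity directly; tier n+1 = supplies a tier-n
    supplier. Breadth-first search gives a supplier reachable at several depths its
    closest (lowest) tier."""
    tiers = {}
    queue = deque()
    for activity in activities:
        for group in requirements.get(activity, []):
            for supplier in group:
                if supplier not in tiers:
                    tiers[supplier] = 1
                    queue.append(supplier)
    while queue:
        supplier = queue.popleft()
        for group in requirements.get(supplier, []):
            for sub in group:
                if sub not in tiers:
                    tiers[sub] = tiers[supplier] + 1
                    queue.append(sub)
    return tiers


def available(node, requirements, removed, memo=None):
    """True if `node` can still be supplied when the suppliers in `removed` are out
    of action. A node is available when every requirement group has at least one
    available member. A dependency cycle counts as unavailable (conservative)."""
    if memo is None:
        memo = {}
    if node in removed:
        return False
    if node in memo:
        return memo[node]
    memo[node] = False  # in-progress marker; breaks cycles
    memo[node] = all(
        any(available(alt, requirements, removed, memo) for alt in group)
        for group in requirements.get(node, [])
    )
    return memo[node]


def single_points_of_failure(requirements, activities):
    """Map each supplier, at any tier, whose loss alone stops at least one critical
    activity to the list of activities it would stop. Apparent redundancy at tier 1
    (two hauliers) does not protect against a shared tier-2 dependency."""
    spof = {}
    for supplier in tier_of_suppliers(requirements, activities):
        stopped = [a for a in activities if not available(a, requirements, {supplier})]
        if stopped:
            spof[supplier] = stopped
    return spof


def report(requirements, activities):
    """Human-readable lines: tier per supplier and single-point-of-failure findings."""
    tiers = tier_of_suppliers(requirements, activities)
    spof = single_points_of_failure(requirements, activities)
    lines = []
    for supplier in sorted(tiers, key=lambda s: (tiers[s], s)):
        impact = ", ".join(spof[supplier]) if supplier in spof else "none (alternate exists)"
        lines.append(f"tier {tiers[supplier]}  {supplier:<10} single point of failure for: {impact}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(REQUIREMENTS, CRITICAL_ACTIVITIES)))
```

In the constructed data the two hauliers look like a redundant pair at tier 1, yet FuelOne at tier 2 is reported as a single point of failure for order fulfilment because both of them depend on it; that is the “difficulty identifying indirect impacts” the challenges slide refers to, and it only becomes visible once the map extends beyond tier 1.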
BCM Assurance & the Risk Portfolio
To implement a BCM assurance programme,
the following need to be defined.
1. The organization’s criteria for the BCM
capability of each tier of suppliers.
2. The organizational process from
procurement to business-as-usual
operation, including BCM consideration at
all stages of implementation.
3. The process of assurance itself, including
management of subsequent remediation.
ISO 28000
Security Management Systems for the Supply
Chain (October 2007)
Provides requirements and guidance for
organizations in international supply chains
to:
• Develop and implement supply chain security
processes
• Establish and document a minimum level of
security within a supply chain or a segment of a
supply chain
• Assist in meeting the applicable authorized
economic operator (AEO) criteria set out in the
World Customs Organization Framework of
Standards and in conforming to national supply
chain security programs
Security of Cargo
Cargo Management – protecting cargo
during all steps of the manufacturing, shipping
and transport processes:
Efficient prevention, detection and
reporting of shipping-process anomalies
(continuous review of routes and schedules;
alert management).
Adequate inspections during the shipping
process (at the points where liability changes;
of packaging materials and vehicles
before they come into contact with cargo).
Security of Facilities
Facility Management – ensuring the
security of the facilities where goods are
manufactured and cargo is stored and
handled:
Optimal warehouse/terminal layout
design (controllable entry and exit points; clearly
marked control areas; sufficient
lighting).
Efficient facility monitoring (24-hour camera
system, security guards, filming of container
loading and picking).
Security of Information
Information Management – protecting
critical business data and using
information as a tool for detecting illegal
activities and preventing security breaches:
Strong protection of business information/data
(management procedures and storage
methods designed to protect information
from unauthorized access and use).
Accurate and complete record-keeping of
shipping information for potential security
audits (improved record-keeping methods;
quality control of records; error correction).
Security of Personnel
Human Resources Management –
ensuring the trustworthiness and security
awareness of all personnel with physical or
virtual access to the supply chain:
Professional employee hiring and exit
processes (background checks; exit interviews
for departing or dismissed employees).
Efficient information dissemination
process (internal and external publication
of the company security policies).
Security of Company
Company Management Systems –
“building security in” to internal and external
organizational structures and company
management systems, including supplier,
partner and client management processes:
Adequate business partner evaluation
system (selection of low-risk, security-compliant
suppliers, clients and
subcontractors).
Complete company security management
system (defined security processes, defined
and monitored security indicators, internal
and external audits).
Vulnerability Map
Mapping by Key Process Area & Readiness
SCRM Maturity Levels
In Summary
1. Using the management system described by
ISO 31000 to manage risks across the supply
chain can mitigate risks and minimize supply
chain interruptions.
2. An organization’s procurement specialists
need to understand the importance of
different suppliers and provide assurance that
contracted services can be provided even
during a disruptive incident.
3. Supply chains also face risks related to
logistics security. These also need to be
managed.
Questions?
Lynnda Nelson
President, ICOR
Lynnda@theicor.org
866-765-8321 North America
+1630-705-0910 International
www.theICOR.org