Business Continuity
Workshop
13 November 2013
Owen Paterson
Intend Business Development
What/Why/How
• Business Continuity (BC) is defined as the
capability of the organization to continue
delivery of products or services at
acceptable predefined levels following a
disruptive incident.
• Just common sense - taking responsibility for
your business and enabling it to stay on
course
• It is about “keeping calm and carrying on”!
DON’T
What/Why/How
• No organisation can have complete control
over unpredictable disruptions that often
happen,
• The consequences for some businesses are
devastating – it can lead to them never
trading again,
• Loss of customer confidence,
• Breach of contract,
• Damage to future business opportunities,
Standardised PQQ – Public Sector
• Have you, either as a supplier or in the supply chain, been involved in the
provision of any contract in the last 3 years for goods and services and 5
years for works, where the contract has been terminated or payment has
been withheld because your performance was not satisfactory.
• If applicable, has any member of your consortium been involved in the
provision of any contract in the last 3 years for goods and services and 5
years for works, where a contract has been terminated or payment
where payment has been withheld because their performance was not
satisfactory.
• If you have answered "Yes" to either question, please provide details
regarding the circumstances of the termination and details of any
remedial action that was carried out as a result of the termination.
Guidance
The Authority will not select bidder(s) that cannot demonstrate to its
satisfaction that appropriate remedial action has been taken to prevent
future occurrences.
What/Why/How
• Business continuity planning helps to ensure that
your organisation makes a successful return to
‘business as usual’ following a major interruption,
• Can you afford to just sit and wait in the hope that
you will not be affected by an incident,
• Prepare in advance,
• A Business Continuity Plan (BCP) is the least
expensive insurance any company can have,
• Want to convince potential customers what a
responsible/well planned/forward thinking
business you are,
What/Why/How
• Over 63,000 suppliers currently registered on PCS,
• Competition is greater than ever,
• It’s a process………every advantage counts
What/Why/How
• By having a tested
plan in place,
organisations will be
prepared for
unforeseen events,
enabling them to
recover speedily and
efficiently, so that
they are up and
running again in the
swiftest possible
time frame
What/Why/How
•
•
•
•
Where is your business vulnerable
What are your core functions
What are the risks
How can you mitigate against the risks (as
far as possible)
• Who needs to be involved
• Roles/Responsibilities
Core Functions/Risk
Core Function
•
•
•
•
•
•
•
•
•
Staff
Premises
I.T. Systems
Loss of Data
Loss of utilities
Vehicles/Equipment
Supply Chain
Safety of staff
Bad weather
Where is the Risk
•
•
•
•
•
•
•
•
•
Illness, Absence, Attrition
Fire, Flood, Damage
Failure, Hacking
System failure, No back ups
Closure of Premises, Staff sent home
Break Downs, Unable to Service
Increased Costs, Failed Deliveries
Prosecutions, HSE Investigation
Unable to Deliver/Cannot reach
work sites
What/Why/How
• A plan is as good as its implementation,
• A BCPlan comes into use only when a
situation calls for it,
• Test at regular intervals,
• Phone no's change,
• Providers change,
• People change ,
• Review/test/keep up to date…….
What/Why/How
Thank you for listening
Business Continuity
Workshop
13 November 2013
Owen Paterson
Intend Business Development
Preparing a BCP
•
•
•
•
•
Templates available
What information do you need
Who needs to be involved
Key staff - roles/responsibilities
Identify the risks/What can you do to
mitigate
• Recovery plan, timescales, actions
Information
•
•
•
•
•
•
•
•
•
Communications plan
Staff contact details
Press/trade journal contacts
Alternative sites/ Units available
Customer details/workplans
Supplier details
Bank/Insurance Details
Agency staff
I.T./Equipment providers
Preparing a BCP
Preparing a BCP
•
•
•
•
•
•
•
•
•
Core Function
Staff
Premises
I.T. Systems
Loss of Data
Loss of utilities
Vehicles/Equipment
Supply Chain
Safety of staff
Bad weather
•
•
•
•
•
•
•
•
•
Mitigation
Access to agency staff
Alternative premises, Work from home
Maintenance contract in place
Off site backups, Fireproof cabinets
Emergency No's, Work from home
Maintenance /service plans, Hire plans
Fixed prices, Alternative suppliers
Training, Risk Assessments
Four wheel drive vehicles available, or
arrangements to Hire if needed
Preparing a BCP
•
•
•
•
•
•
Rank the risks in terms of impact
LOW risk of occurrence - HIGH impact
Highlight where most action is needed
Where is the plan kept
Who gets a copy
Outline the actions and then allocate
responsibilities
• Staff training
• Needs to be signed off at senior level
Business Continuity Plan
The Supplier must detail their disaster recovery and contingency planning
arrangements, including the physical arrangements to protect hardware
and data from loss or disruption. This obligation subsists throughout the
duration of the Contract as and when such current details are requested by
the Purchaser.
Part G Business Continuity and
Disaster Recovery
5%
Evidence of process and procedures in
place to ensure continuity of service to
buyer in the event of adverse
circumstances affecting the bidder.
Please outline your approach to risk management for this project.
Please highlight what the key risks are for this project and how your
company would manage them.
Quality Weighting 10% Of total Quality Score
Does your organisation have systems or procedures in place to ensure
Business Continuity, particularly in the event of a major incident that may
remove operational capability?
Standardised PQQ – Public Sector
Describe your arrangement to ensure business continuity and to
enable disaster recovery, including the scope, validation, risk
treatment and leadership in these areas.
Guidance
You should demonstrate that your organisation keeps copies of
documentation setting out your business continuity and disaster
recovery procedures. These should include the arrangements for
business continuity and disaster recovery throughout your
organisation. You should set out how your organisation will carry
out its policy with a clear indication of how the arrangements
are communicated to your workforce.
Response
• We have a Business Continuity Plan (BCP) in place to make
sure that our business can continue to operate in the
event of a major incident.
• The plan has been developed over a number of years and
is reviewed each year by the management team to make
sure the business can be up and running within max 24
hours following a major incident with no or minimal
impact to our customers.
• The objectives of the plan are to define the Critical
Functions of the business and then o analyse the risks to these functions,
o identify methods to mitigate against the risks
o implement the mitigation methods
o test if the mitigation is effective
Recovery Action Plan
• 1st hour –
– Contact insurance
– Damage assessment
– Contact staff
– Transfer phone numbers
– Cancel deliveries
– Cancel mail
– Establish immediate priorities
Recovery Action Plan
• 1st 24 hours –
– Assess reports from Insurance, H & S Adviser
– Assess immediate implications for the business, in
lieu of above
– Draft a work plan to outline what operations can be
provided
– Report on the level of data and customer records
still available
– Prepare position statement and contact customers
to advise of problems and actions on-going
– Prioritise customer work and assess priorities
Key information
•
•
•
•
•
•
Key equipment requirements/asset registers
Software/Hardware
Stockholdings
Policy details/Passwords/Accreditations
Recovery log
Key Contact details
– Insurance (Buildings and vehicles)
– Bank
– I.T.
– Property
Business Continuity
• Business Continuity Planning is all about
envisioning what your business could do to
satisfy your customers and stakeholders should
the worst happen.
• You have to know how you could deliver an
agreed level of service during the crisis, and
then get back to normal as quickly as possible.
• Emergencies and disasters don’t discriminate.
• They can affect any organization or business,
including yours,
Business Continuity
• Space debris, solar storms, cyber attacks and climate
change are an increasing threat to businesses and their
supply chains, according to a study.
• A report, published by global reinsurance firm Guy
Carpenter, has highlighted the major emerging insurance
risk factors relevant to businesses and their supply chains.
• Threats to the data security of cloud computing and social
media has become a significant emerging risk with the
instances of cyber attacks reaching “alarming levels”, the
report said.
• As supply chains become more reliant on technology, they
have become more vulnerable to cyber threats. According
to the report, technology failure and cyber attacks
represent a greater threat to most organisations than
adverse weather, fire and social unrest combined.
• Supply Management (Purchasing and Supply website 18/9/2013)
Thank you for listening
Any questions for the speakers