Minimising business interruption losses Business continuity planning – A risk management tool

Contents
What is business continuity planning (BCP)? The fact that companies are heavily interconnected these days means that business interruption can cause immense losses. BCP minimises the risk of stoppages. Recognising risks: Threat analysis In order to prevent risks, you first have to recognise them and assess them properly. But how? 11 3

Identifying areas of weakness: Business impact analysis What happens if today a supplier fails to deliver, a machine breaks down or a location is destroyed? Do you know your company’s reaction times? Establishing responsibilities: Business continuity organisation Clear structures are needed to plan for and deal with crises. Who does what when everything is in turmoil?

17

19

Developing crisis strategies: Disaster recovery plans Emergencies cause havoc. How do you plan for the unthinkable? From the alerting routine to resumption of the business function.

23

Rehearsing for the real thing: Testing and developing BCP Only a disaster recovery plan that is constantly practised and developed can provide protection. Does the BCP meet current requirements? Transferring risks: Business interruption insurance BCP helps minimise losses due to stoppages. What does business interruption insurance do?

31

33

Summary Glossary Authors, literature and internet links

40 41 44

Munich Re Minimising business interruption losses

1

air-conditioning systems. the market offers numerous options. What is more. suppliers or customers are suddenly no longer there. technical or environmental risks – from operating error to global catastrophe – in such a way that operations are restricted as little as possible. In order to arm such systems against technical damage and interruptions. liability claims can also arise – for example where delivery dates are not met as a result of a business interruption. The idea of BCP is that it allows companies to man- age human. Business Continuity Planning (BCP) is a relatively new method. Moreover. investors. these do not protect the company when. a business interruption can therefore also cause immense losses far from where it happens. Nevertheless. BCP strategies and networks help prevent production discontinuities and maintain operations if need be even under adverse conditions. Business interruption can mean losing customers and damages a company’s image with business partners. However. They are individually and wholly tailored to the specific structures. the consequences of an abrupt break in business processes can threaten a company’s very existence.What is business continuity planning (BCP)? As production processes become ever more complex. Integral company protection Take the example of an internet computer centre: transferring a gigantic terabyte flood of data requires a large number of hardware components. the networking between companies and their economic interdependencies increase. Today. operational. A reliable BCP model includes all the company’s typical business processes and risks and describes Munich Re Minimising business interruption losses 3 . Whether e-commerce. for example. financial management or manufacturing industry is involved. for protecting business functions against serious crises and minimising the consequential losses arising from business interruption. shareholders and the general public. experience shows that most companies are not prepared for business interruptions and have not developed any solution concepts for site-specific contingent planning. or the entire staff at a production facility falls ill as a result of a flu epidemic. connections. crisis management and the resumption of operations following a crisis. September 11 and international terrorism have made firms drastically aware of just how vulnerable they are. fire detection systems – and of course a power supply. processes and security strategies of the company concerned and meet the requirements that the company itself has set. for small and medium-sized enterprises too. An interruption to business operations is every company management’s nightmare. BC solutions are more complex than conventional safety measures. currently becoming established worldwide. More and more complex production processes and the associated dependencies and economic interdependencies are making companies increasingly susceptible to disruptions. Effective business continuity planning is therefore all the more important.

Source: MR Risk Management and Industrial Insurance Workshop in concrete terms how these act in combination with each other: x hours’ shutdown of process y costs z euros of turnover. it is thus essential to look at the company as a whole and take account of all corporate levels. such as organisation. nature and social setting. 4 Munich Re Minimising business interruption losses . storage of finished gears (multi-level storage system) Quality control Building Subassembly Coordination of ring gear + pinion shaft of rear axle Gear testing Storage (small parts) (multi-level storage system) Rear axle gear subassembly Compressed air supply unit assembly Front axle subassembly Gear production Coupling assembly Storage (parts for customer service) Storage of castings Storage of steel parts Shift gear assembly Engine subassembly Customer service Storage of oils for engines Storage of engines (custommade design) Railroad Production line Internal transportation Incoming cargo. hydraulic parts Storage of driver’s cabins Storage of body parts Storage of wheels Storage of front loader Building Storage Tractor storage Fuel station Hydraulic lines bending machine Tractor modification and repair Draw bar and power lift assembly Tanks and hydraulics assembly Paints. It is therefore advisable when drawing up or using a business continuity plan to appoint a BCP Officer at senior management level to coordinate one or more teams made up of members from all functional areas and central divisions. If one component in the production chain is missing. Pragmatism is therefore an essential element of workable business continuity planning. environment. suppliers. this disrupts the whole integrated process. On this basis. The holistic structure of BCP includes both a company’s internal factors. cleaning agents Storage (large parts) Fuel station Building Manufacture Storage for gear production. In order to establish BCP in a company. and external factors such as customers. infrastructure and information and decision-making channels. all the organisational procedures are already established with a view to keeping the consequences of risks small. 1 Internal and external dependencies of a tractor manufacturer Building Final assembly Oil tank Storage of brakes.Fig. But even a multi-layered concept for crises and catastrophes – which is to say for events that cause uncertainty and panic – must be simple and understandable. delivery just in time Incoming cargo by truck Incoming cargo by railroad Outgoing products by truck Outgoing products by railroad Production processes are becoming more and more complicated.

In principle. After 250 days. Loss reconstructions show that mostly a combination of unfortunate circumstances is involved. however. checks should be carried out in all cases to see whether existing continuity tools. Illness. the economic investment in this strategy pays off within just a few hours when there is an emergency. the potential impact. Cash shortage. However. it can be seen quite clearly that the curve drops immediately after the occurrence. For the purpose of BCP is not to overregulate but to cushion the consequences of any discontinuity. These costs are compared with the preventive and reactive expenses involved in BCP. and the probability of the risks occurring. could be used or adopted. Redundant. Business continuity planning aimed at 100% protection against incidents would be unrealistic purely on economic grounds. Just as the certification of quality or environmental management soon proved to be a competitive advantage. In the risk analysis that is carried out at the start of any BCP. However. explosion. it should not in any way be seen as hindering the core business or making it more expensive. A risk-aware company management will set great store by a BC strategy. A lot more information and raising of awareness is required here. duplicated IT architecture constantly running in parallel would therefore hardly be justifiable – unless specifically prescribed under company guidelines. while the lower curve plots that of a company without. Cost-benefit considerations Looked at in the short term. In order to optimise expenditure. guaranteeing business processes are also increasingly likely to convince shareholders. The individual situation of the company concerned always forms the basis. Negligence of employees The causes and risks of a business interruption can be internal or external. Munich Re Minimising business interruption losses 5 . as they depend on the nature of the possible losses. for example those of suppliers or other business partners. the positive effect of the recovery system on shareholder value can already be seen within the first few days. BCP as a competitive argument BCP should not be underestimated as a shareholder argument either. BCP may appear to be a management task with little operational productivity and a pure cost factor. the following applies: the tighter the safety net and the greater the availability. not exhaustive) Delivery delay Strike Insolvency of clients Pandemics Further technological development Computer viruses Natural hazards Shortage of raw materials Product liability Third-party liability claims Power failure Fire. Usually. BCP entails costs – that is a simple truth. In both cases. the difference between the two curves is around 25%. The upper curve plots the 250-day course of the shareholder value of a company with a disaster recovery concept. idle production costs and any damage to a company’s image as a result of business interruptions of typical duration (between a few hours and several days) are calculated. The graph below shows the results of a Marsh-Oxford study that examined the effects of 15 man-made disasters on shareholder value.What is business continuity planning (BCP)? Fig. the occurrence of any one of the above risks is enough to trigger a chain reaction. Decision-makers very often misjudge the losses caused by business interruption and underestimate the benefits of effective BCP in ensuring a company’s continued existence in an emergency. damage to machinery Accidents. There is no rule of thumb for the level of costs involved. 2 Internal/External risks (Examples. the higher the costs. Sabotage/arson Electrical/electronic damage.

For the financial sector. In its “Minimum requirements for the conduct of banks’ commercial transactions”. liability claims). The German Corporate Control and Transparency Act (KonTraG) was introduced in 1998 as an earlywarning system for crisis potentials and crisis prevention. it is precisely in such firms that even minor disruptions to business processes may threaten their very existence. as well as alternative solutions that can be implemented in the short term in the case of stoppages due to technical factors. determine the possible effects on their business. For example. in so doing. in workshops. a product recall can very quickly mean production downtime and thus business interruption. for small or medium-sized enterprises. As small and medium-sized enterprises are less complex than large ones. reputation. This is because they do not have the necessary resources to be able to absorb business interruption losses. they carry out risk analyses that are tailored to their company and. What can be done in such companies to get production restarted quickly? When implementing BCP. and they have fewer production facilities and therefore also fewer business processes and dependencies. employees (job security) and customers (reliability. Cumulative abnormal returns (CAR) in % 20 15 10 5 0 –5 –10 –15 –20 0 50 100 150 200 250 Trading days after the event Shareholders reward BCP: 250 days after an incident. 6 Munich Re Minimising business interruption losses . the shareholder value of companies with a disaster recovery concept is. in Germany Section 25 of the German Banking Act (KWG) calls for “appropriate safety measures”. On the other hand.What is business continuity planning (BCP)? Fig. on average. At the international level. which has legislative powers. the cost of protecting them is correspondingly lower. these firms should not spend too much time dealing with probability analyses of all the risks but should concentrate on key points. Is BCP also advisable for small and medium-sized enterprises? The good news for small and medium-sized firms is: effective and appropriate BCP need not be expensive. the German Federal Financial Supervisory Authority (BAFin) prescribes a written disaster recovery plan and calls for provisions against personal accidents and software errors. Smaller enterprises can save themselves considerable time and money if. but also the Federal Reserve in the United States and the UK’s Financial Services Authority (FSA). Source: RIMS Risk and Insurance Management. Statutory requirements. “Basel II” for example. binding commitments and standards also demand transparent risk management. 25% higher than that of companies without. lay down special guidelines. Society/2002 (Marsh/Oxford study of 15 man-made catastrophes) Development of the shareholder value of a company with a disaster recovery concept Development of the shareholder value of a company without a disaster recovery concept Statutory requirements and guidelines BCP is a suitable crisis intervention tool not only from the point of view of shareholders (image. proximity to the market). 3 Development of a company’s shareholder value with and without a disaster recovery concept after business interruption.

3. The quality of the wide range of consultancy services on offer varies considerably. Since. small and medium-sized companies set themselves the following tasks: – Ascertaining why an activity.org – PAS 56 (Publicly Available Specification). Point 6.ffiec.bsi. There are now numerous providers of business continuity services.org – BSI (British Standards Institution). a procedure or a process is important for the enterprise – Identifying risks that are significant – Determining the probability of occurrence of these risks and the possible extent of any resulting loss – Documenting measures that are to be taken in the event of a business interruption – Training staff to enable them to proceed correctly when faced with specific hazards – Reviewing.org – ISO/TS 16949 Quality Management Systems in the Automotive Industry. any expense incurred in connection with a change in the decision about the contract term should be included. in the relatively complex or sometimes even confused market. The ISO Survey of Certifications 2005 www.org – DRI (Disaster Recovery Institute).What is business continuity planning (BCP)? The priorities for maintaining business continuity can then be established on this basis. For an optimum business continuity strategy. and is heavily criticised in some specialist circles. Standardised BCP solutions – DIN ISO 17799 – BS (British Standard) 7799-2:2002 – HB 221:2003 Business Continuity Management from Standards Australia – FFIEC (Federal Financial Institutions Examination Council). however. it is not easy for companies to find suitable outside support or a provider service.org.gov – NFPA 1600 (National Fire Protection Association). There are several BCP standards that companies can take their bearings from for their business continuity planning – for example the systems approach set out in DIN ISO 17799 or its British “precursor”.thebci. www. The Business Continuity Institute. and references should therefore be sought. the service costs for business continuity.gov – NIST (National Institute of Standards and Technology).iso. www. ISO 17799 has not yet been generally recognised as a standard.nist. have fallen annually by an average of 20%. From today’s standpoint. www. however. Outsourcing Drawing up a business continuity concept is a typical case for outsourcing. BS7799-2:2002. The market is growing steadily.drii. contracts with a maximum term of two years are therefore recommended. www. new BS25999. BCP step by step Business continuity planning can be divided roughly into two areas of responsibility: The first includes all planning aimed at minimising risk and preventing business interruption. The second concerns the planning of all measures that are to be taken following an emergency in order to maintain business operations or to restart them following a business interruption. www. www.nfpa.2 Disaster Recovery Plans. These standards try to cover an information security management system in a similar way to the definitions in a standardised quality assurance system or an environmental management system. adapting and testing crisis plans regularly According to one of the best-known consultancies. especially in the area of IT.uk Munich Re Minimising business interruption losses 7 . and many management consultancies have “discovered” BCP for themselves.

These always depend on the individual situation in the enterprise. so that they can be implemented at any time. Implementation of the agreed strategy is the last link in the chain of a properly functioning business continuity plan. It divides the process of business continuity planning into nine steps. plans. Step 7: Work out an emergency communication strategy for the company. facilities. audit and practise the relevant disaster recovery plans under real conditions if at all possible. and especially on the current organisational and internal structure. usually known as a “disaster recovery manual”. 4 The Australian standard Because of its clear. 8 Munich Re Minimising business interruption losses . names of people. Step 9: Integrate plans into the daily business. This will contain. equipment and much more in checklists. an outside agency should be engaged to do this. decision aids. BIA) Step 4: Draw up a detailed strategy for site-specific contingent planning. pragmatic continuity plans and draw up documents fo the strategy chosen in each case. The management of any business recovery is laid down precisely in documentation. alerting lists and alerting levels. as well as for customers. Step 6: Implement the strategy: develop easily understandable. A business continuity strategy and BC guideline are then developed. well-organised structure. The company’s communications or PR department usually takes on this task. Maintaining & 8 Testing Plans 1 Commencement Communication Strategy 7 2 BCP Life Cycle Risk & Vulnerability Analysis (Threat Analysis) Continuity Plans for the chose Strategy 6 3 Business Impact Analysis Resource Interdependency Requirements 5 4 Response Strategy Step 1: The start of any BCP involves raising the company management’s awareness. the newly developed Australian standard HB 221:2003 offers a very good basis for the structure of a business continuity plan. target groups and suppliers. which are explained below: Activation & Development of Plans 9 Training. etc.What is business continuity planning (BCP)? Fig. Step 2: Examine the company as a whole for conditions and processes that are critical for business interruption (threat analysis) Step 3: Determine how long the company can continue to operate without its existence being jeopardised if critical areas fail (business impact analysis. address lists. Step 5: Determine all the factors needed to be able to proceed according to the individual plans. for example. Should the company not have such a department. Step 8: Maintain. crisis management and resumption of operations (recovery).

What is business continuity planning (BCP)? Fig. Commercial traveller. media – Loss of image Normal worldwide exposure Origin of the virus Enterprise Limited risk Firewall By e-mail Employees as private users at home Increased exposure on account of poor risk awareness Direct transmission of virus through data media External risk from SARS Normal worldwide exposure SARS area of origin Local SARS-exposed branch. falling sales Financial losses Loss of market shares Insolvency in the case of correspondingly long downtime – Shareholders – Press. image MBI Incoming goods department Forklift truck Production. falling sales – Financial losses – Loss of market shares – Possible temporary loss of staff – Loss of know-how – Shareholders – Press. press. assembly Machinery breakdown in the company’s only production line. can affect the headquarters Enterprise – Closure of business by authorities – Business interruption – Stagnating. Internal risk from machinery breakdown (MBI) Warehouse – – – – – Business interruption Loss of market Financial losses Liabilities Payment of wages and salaries – Bankruptcy – Shareholders – Media. replacement time five months BI Manufacture Internal transport Supplier Quality assurance Packing Distribution External/internal risk from computer viruses – – – – – – Crash. in the absence of crisis management or risk management measures. failure of IT Business interruption Stagnating. Visitors from SARS area. Tourist in SARS-exposed area Increased exposure that. 5 Practical examples The following diagrams show examples of how business interruptions can arise. media – Loss of image Munich Re Minimising business interruption losses 9 .

.

All threats that increase the probability of a business interruption occurring are documented in a risk profile and assessed individually and in a company-specific way. The results are used to assess the impact of specific outages and establish business recovery priorities. The more critical that business processes are in terms of time. Certain defined residual risks will undoubtedly have to be accepted in any case. Threat analysis is understood to mean an individual. The less one can do without a specific infrastructure.g. power failure. This involves examining the business as a whole for conditions and processes that are critical for business interruption. It is therefore a case of sensibly weighing the risks according to the company’s specific interests against the investment needed to safeguard them – for example the probability of a power failure and its duration against the cost of an emergency power generator. fire. however. would be so expensive that it would be unrealistic to do this in practice.Recognising risks: Threat analysis All BCP starts with a threat analysis tailored to the company. the more imperative it is to incorporate them into the BCP concept. “Risk frequency” and dependence on specific infrastructures are also important variables for the costbenefit analysis of any BCP. and the more intensive the IT infrastructure. act of terrorism. accident. partners and markets? – What impact would an outage (per defined time) have on customers. This usually involves asking the following questions: – What impact would a disaster or a system failure have on the enterprise (e. The risk profile makes it possible for the management to assess the potential risk situation in a strategic way. holistic risk analysis of an enterprise. the higher the cost of having this available in an emergency will be. turnover and profits. The following methods can be used to determine an enterprise’s weak points: Checklist The conditions and processes within an enterprise that are critical as far as business interruption is concerned can be examined using a checklist. for example. failure of deliveries)? – What consequences would the failure of critical functions in the enterprise have? – How long can a company cope with outages in the business as regards customers. Safeguarding the entire infrastructure. suppliers and employees? – Are there already suitable solutions for controlling or minimising risks? Munich Re Minimising business interruption losses 11 .

serious risk control. above all. Analysis of the supply chain The progressive automation. catering Loss of know-how Plants Incoming goods Outgoing goods Quality assurance Internal transport Accidents Driver training Loss of media Suppliers JIT Explosion/disruption of operations Liability of management and board members External consultants D+O Fire protection Management Personal protective kit Loss prevention Professional association Safety at work Products Sale Loss Product stockpile Customer Quality Environmental compatibility Durability Recall organisation Media/press contacts Insufficient product sales Market The risk map gives an overview of a company’s entire potential risk situation. air. The relationships between the individual risks also become visible. Especially mediumsized firms with a lot of equipment and numerous suppliers. This makes it possible to visualise a company’s risks graphically and to represent the relationships that exist between the individual risks in reality. The following important factors and questions should be taken into account in order to safeguard the supply chain (supply-chain risk management): 12 Munich Re Minimising business interruption losses . rationalisation and integration of modern industry has led internal and external dependencies of operating processes.Recognising risks: Threat analysis Fig. Risk mapping The risk-mapping method utilises the work technique of mind mapping. customers and distribution channels should subject their supply chain to regular. “dependency risks” in particular must be looked at. specialisation. 6 Example of a risk map Age Maintenace Replacement parts Replacement time Parts supplier Alternative supplier Organisation EAN Traceability Lists of contacts Buyers of the products Distribution centres Water Electricity Gas. Risk mapping is therefore eminently suitable for identifying weak points with respect to business interruption. products and services to become more and more serious. fuel oil Commodities and raw material New installations New software Malfunction Debugging External capacities Risk management tool Stock Age of vehicle fleet Maintenance Incentive system Machinery Supplies Technology Recall of defective products Motor vehicle fleet Liability situation Firewall Viruses Contents of web pages Hardware Internet security Business interruption Crisis Organisation BCM Press Forklift trucks New legal situation EU liability Initiation Regulation Politics Crisis management Business interruption risk analysis Duty to make premises safe for persons/vehicles Visitors Workforce Self-propelled machines Soil. critical bottlenecks in business processes. water Emissions proctection officer Emissions Plant safety Liquid media Solid and gaseous media Number Supply chain management Fire extinguishers Fire control plan Drills Environment Human resources Public liability Production Operation resources Media losses Safety at work Canteen. In order to better identify and quantify threats and.

high and very high. The risk matrix is divided into two areas: one consists of the risks that are acceptable to the enterprise. 7 A company’s extended value chain Subsupplier Key supplier External customer Subvendor Key vendor Primary facility Internal customer External customer Subcontractor Key contractor External customer This diagrammatic representation of the true value chain clearly shows an enterprise’s “key dependencies”. using loss-prevention and loss- Munich Re Minimising business interruption losses 13 . it becomes possible to put a figure to the maximum exposure. Risk matrix In order to show the company’s complete risk situation in graph form.Recognising risks: Threat analysis Fig. Currencies could also have been used equally well. the risks are entered in a risk matrix according to their loss amount and probability of occurrence. (2) Loss-minimisation measures already taken into account. Table 1 Safeguarding the supply chain – Example of a dependency analysis Key suppliers Location Gross exposure in €m (1) Max. In this example. disaster recovery planning)? – Is temporary relocation to other production units with spare capacity possible? – Have any contract penalties (so-called “force majeure clauses”) been agreed? – What risks can be insured. and how? (see Section 7: “Transferring risks” in this connection.g. period of interruption in month (2) 4 Net exposure in €m Loss-minimisation measures 1 D 500 167 Production moved to supplier’s 2nd location Production outsourced to company X Changeover to another supplier Changeover to another supplier 2 3 4 GB I A 200 80 50 6 3 8 100 20 33 (1) As a proportion of the company’s total turnover. period of interruption for own company) – Preparation of a risk portfolio for both the supply chain and the customer chain – What measures (alternatives) can be taken to maintain one’s own business in the event of loss of suppliers or customers (alternative suppliers. The probability of occurrence of a risk is plotted on the X axis and the maximum amount of loss on the Y axis. moderate. – Identification of key suppliers and customers: degree of dependence with respect to total turnover (maximum loss of earnings. Once the key dependencies (e. the key suppliers) have been identified. taking account of the possible loss-minimisation measures. The aim of risk management and business continuity strategy is to convert all unacceptable risks into acceptable ones. both axes are subdivided into low. the other of the risks that are unacceptable.

At the start of the crisis. the business interruption gradually becomes apparent and finally crosses the point of no return. Each weak point is given a number and is described together with the cause and the measures to be taken. To ensure that the plan of action is also implemented effectively. Acceptable High Unacceptable 1 Moderate Line of acceptance Remaining residual risk Low 2 3 Low Moderate High Very high Risk Probability of occurrence (x axis) minimisation measures. however. so that they can resume operation in the required time following incidents? – Are there plans to test and update the BCP regularly by means of practice drills? Risk analysis in combination with risk evaluation The model below offers one way of analysing risks that are critical as far as business interruption is concerned. very high) and prioritised (short-. What technical.Recognising risks: Threat analysis Fig. the measures are rated according to their effectiveness (low. the smaller will be the probability of occurrence of a business interruption and any associated company crisis. the crisis assumes its characteristic course. The risk manager must determine the totals for the relevant measures in consultation with the persons responsible in the departments concerned. – Are the critical functions and processes in the company defined? – Does useful documentation exist on the frequency. organisational or other measures and aids are used to do this will depend on the company’s individual situation. particular attention should be paid to restoring business activity as quickly as possible. it is advisable to draw up a list of measures. the following key questions arise for the business continuity management. Plan of action for reducing and controlling risk Once the risks have been identified and evaluated. Finally the costs to be expended are to be estimated. At the end of the threat analysis. Risk 2 a fire in the main production facility. In order to be able to proceed as effectively as possible. and Risk 3 the loss of the main supplier. it is important to appoint an officer with specific duties and the right to issue instructions. 8 Example of a risk matrix Loss amount (y axis) Very high 3 1 2 This risk matrix shows three risks that can trigger a business interruption independently of each other: Risk 1 concerns the recall of defective products. It will not always be possible. 14 Munich Re Minimising business interruption losses . The smaller the risk of a loss occurring and/or the amount of loss. Its major advantage is that the risk can be presented at a glance: The level of lost production depends on the duration of the business interruption and determines the magnitude of the crisis. This will show the company-specific areas of weakness of any business interruption in a systematic way. to move all the risks into the acceptable area (as shown above). data and operating resources are also laid down for the recovery of the business? – Are the IT and communication systems sufficiently protected. moderate. Here. with the subsequent business interruption and associated production discontinuity (business interruption gap or BIG). The end of the crisis is also known as the “RAG” (return after the gap) point. From there on. Finally. long-term). medium-. scale and causes of business interruptions? – Do comprehensive disaster recovery plans exist in which the necessary strategies. the company manages to get the situation under control again and return to the initial level of production. high.

the steps to be taken can be followed individually and checked for their effective implementation. Point of no return Return after the gap Table 2 Risk reduction measures Risk Identification No. 3. Weak point 1. Based on this list of measures.Recognising risks: Threat analysis Fig. 2. Cause Risk evaluation Amount of loss Low Moderate High Very high Probability of occurrence Low Moderate High Very high Risk reduction Measure Effectiveness Priority Risk control Costs Responsibility Low Moderate High Very high Immediate Mediumterm High Longterm Low Moderate High Very high Name The measures to reduce a company’s risks are determined and prioritised with reference to the hazard potential of individual business processes. PR campaign Very high Low High Low Level of lost production Business interruption gap (BIG) Behaviour curve of the production discontinuity Start of crisis During the crisis End of crisis Time characteristic of the business interruption/production discontinuity The diagram clearly shows the time characteristic of the business interruption and production discontinuity in association with the level of lost production. Munich Re Minimising business interruption losses 15 . available as cause of fault not found Production discontinuity for indefinite period Production discontinuity and business interruption. 4. loss of customers Not available Short-term replacement of main supplier. damage to image Not available Troubleshooting with external consultants Restoration of production Fastest possible resumption of production Fastest possible resumption of production Fastest possible resumption of production Fire protection not checked Very high Low Very high Moderate Threat to company’s existence. 9 Model of a risk analysis in combination with risk evaluation Event Critical business point Business impact Business impact analysis Mitigating actions Target recovery Loss amount After improvement of the risk Very high Moderate Probability After improvement of the risk High High 1 Recall of defective products 2 Fire in main production facility 3 Loss of main supplier No organisation chart available Business Not interruption.

.

an overview of the contingent workplaces that will probably be needed. questions are put to the senior management. and emergency concepts. the required condition and the actual condition are compared with each other and any weak points identified. What monetary loss arises? And how long would it take to get the business up and running again? The business impact analysis (BIA) is the cornerstone of BCP. The BIA can also include initial proposals on how to solve the problem (e. Based on the information received. it is necessary to clarify the following: What resources are needed for the business process? If individual production units or processes should fail.. In order to determine the relevant business processes at risk of failure and describe them in detail in terms of their importance and impact.? The business impact analysis is used to determine what happens when a specific business function. an analysis is carried out to ascertain how long the company can continue to operate without its existence being jeopardised if areas identified as being at risk fail. transitional procedures and disaster recovery strategies worked out. how long would it take for a replacement to be made available or for the situation to be remedied? Munich Re Minimising business interruption losses 17 Reaction time in hours 0 to 2 2 to 8 8 to 24 24 to 72 72 to 120 120 to 240 > 240 Alternative solution possibility? If so. emergency staff or possible third-party production). In order to ensure that business functions and processes are available. For areas in which a need for action has been established. any interdependency and contingent losses (see Glossary) arising from the stoppage must also be taken into account. The business impact analysis results in statements about: – Loss potentials – Restart times for critical business functions. the resources needed for disaster recovery are determined. infrastructure and contingent workplaces Performance of the business impact analysis is followed by: – Consolidation of the results An overview of the critical business functions and their restart times. with regard to contingent workplaces. Here. what? .g. as it forms the basis of the further recovery strategy. a machine or a production process fails. a definition of a standard contingent workplace – A draft final report with proposals on how the various disaster recovery plans are to be implemented Table 3 Restart times of essential business units and functions after a stoppage Necessary resources Location Building Machine Personnel PC/software/e-mail Phone/mobile/MDA PDA Fax Pager Copier Office space Archive Input info Output info As a prerequisite for company-specific emergency preparedness.Identifying areas of weakness: Business impact analysis What happens if .. The investigations are based on the qualitative and quantitative loss experience in relation to the non-productive time. and also – Emergency staff.

.

Only a clearly structured business continuity organisation can ensure that strategies are developed. The BC core team works strategically.Establishing responsibilities: Business continuity organisation Effective business continuity planning concerns all divisions of a company and requires cooperation at all hierarchy levels. Care should be taken to ensure that all the people involved in preparing and maintaining the business continuity plan are well acquainted with the company’s infrastructure and processes and suited to the tasks in question (e. Make-up of the BC team The top position in the BC management should be held by a representative of the highest company level. experts may support the teams as required.g. maintained and properly implemented in an emergency. This ensures presence and understanding for BC policy. evacuation or IT operations). A “modular” organisation guarantees transparency. The BC core team should be made up of representatives from the most important and most at-risk areas of the company. Besides the management team. Munich Re Minimising business interruption losses 19 . as well as for the associated planning and its implementation in an emergency. established. individual teams can take on more tightly defined tasks: a crisis team could operate locally and objectively in the closest possible proximity to the emergency while emergency service teams were safeguarding the infrastructure and recovery teams were already starting with specific disaster recovery activities. It is also vital that the responsibilities within the BC process as a whole are clearly defined at all times. as such a person can optimally motivate employees at all company levels: BCP is a matter for the boss. What system is preferred will depend entirely on the practice at the company in question. Flexible manning of the team is also possible: in order to incorporate special knowledge and take account of the various business units and possibly even include several locations. Instead of a central BCP organisation. defining the impact of an incident and managing all the continuity activities. it is also possible to have BCP that is organised in a decentralised way.

The people are requested to do as they did in the case of emergency XY. this is made up of those responsible for site-specific contingent planning. strategies and general guidelines that are to be applied – Authority to issue instructions to all the units concerned with regard to BCP topics – Safeguarding. refining and adapting the standards. managing and coordinating the worldwide BCP organisation (with respect to both loss prevention and loss minimisation) – Advising the Board of Management or the General Manager on all BCP matters. This happens automatically with the help of special software and an announcement text over the phone. of course. crisis management and business recovery at the individual locations. audit and development) area – Exposure analyses – A report to the company management The virtual BC matrix organisation In order to safeguard the BCP process within the company. edit and forward e-mails with attachments. the BC Management should set up a virtual BC matrix organisation. including in crisis situations – Consulting – Drawing up the business continuity guidelines – Reporting to the Board of Management or the General Manager Reporting involves: – An annual situation report on the current status of the BC organisation within the company – A regular report on the BC organisation. Multimedia digital assistants (MDAs) guarantee optimum communication. or to make their way to the crisis centre immediately. The local business recovery coordinator is the business unit’s representative at the location. A prerequisite for the operational use of MDAs is. The global business coordinator belongs to the first level of management below the Board of Management. Incident coordinators take care of site-specific contingent planning and local crisis management planning. Reachability in a crisis situation The most modern aids should be used to ensure that members of the BC organisation and the crisis management teams (CMTs) can be reached in an emergency. Global business recovery coordinators are responsible for business recovery planning in the relevant divisions. Assigned to these in each company location are local business recovery coordinators. The incident coordinator can be the head of the local facility management unit. as they can be used like a mobile phone but are also able to receive. that the users in question are online. all the people named in the alarm plan are immediately informed about the situation. 20 Munich Re Minimising business interruption losses . the BC master plans and the MEAD (maintenance. who are responsible for local business recovery planning. for example the Branch Manager or the member of the Board of Management of a subsidary domiciled there. exercising. international organisation of BCP – Constantly adapting and reviewing BCP responsibilities within the company’s individual organisational units and the global organisation – Defining.Establishing responsibilities: Business continuity organisation Tasks of BC management: – Loss-prevention research and scenario planning – Enquiring about and ascertaining crisis-relevant information in the individual divisions in order to establish exposure to accumulations – Comprehensive. Based on the existing personnel structure. In a crisis situation.

etc. it is advisable to set up at least one crisis centre outside the operating site. washing facilities and food and drink. Crisis centre There should be several crisis centres. Wherever possible. MDA – Press Room – Secretariat Munich Re Minimising business interruption losses 21 . – Photocopiers – Disaster recovery manual – Radio – TV – Telephones – Fax – Mobile phone. crisis centres need to have the following technical equipment: – Several computers and relevant software – Internet access and the possibility of accessing Reuters Insurance Briefing. The crisis centres must be accessible round the clock and big enough to hold all the members of the crisis management team. The schematic diagram of the BC matrix organisation shows how the individual BC management tasks and functional executives are linked to and depend on each other. Bloomberg. as well as having rest rooms. These should be spatially separated from each other so that they will not all be destroyed in the event of an explosion. toilets. for example. but some management consultants recommend up to five.Establishing responsibilities: Business continuity organisation Fig. To enable the crisis management team to work. 10 Example of a virtual BC matrix organisation Chairman of the Board of Management/ General Manager BCM Head Office Global Business Recovery Coordinator Divisional Unit A Global Business Recovery Coordinator Divisional Unit B Global Business Recovery Coordinator Divisional Unit C Incident Coordinator Group Location A Local Business Recovery Coordinator Divisional Unit A Local Business Recovery Coordinator Divisional Unit B Local Business Recovery Coordinator Divisional Unit C Incident Coordinator Group Location B Incident Coordinator Group Location C Clear responsibilities are the precondition for acting effectively in a crisis. Mostly there are two.

.

a disaster recovery manual lays down. Nevertheless. Disaster recovery manual The disaster recovery manual contains all the documentation that may be of importance in the event of an incident. With a view to minimising loss and ensuring that a business is up and running again as soon as possible. The BC guideline will include the business continuity organisation. the procedure to be followed – from the alerting routine to resumption of the business function. alerting levels. the entire disaster recovery planning operation. regardless of whether the overall structure of the BCP produced in this way is complicated or simple.Developing crisis strategies: Disaster recovery plans Emergencies cause panic. etc. facilities. in particular. all measures must be well planned. Munich Re Minimising business interruption losses 23 . and the disaster recovery plans of the company’s operating units (e. When it comes to developing a business continuity strategy. The procedure will then differ only slightly. it probably makes sense to carry out the development and implementation step by step for individual business units.g. IT) and external partners (suppliers). This means. Other planning bases can be: the internal business plan defining the business functions. including the drawing up of standards and definitions. the business continuity master plan and all the measures for maintaining. documentation on business processes (such as quality assurance and environmental management manuals). exercising. the BC master plan. explosion hazard). The disaster recovery manual also sets out the BC organisation in detail. which includes the site-specific contingent plan. the crisis management plan. fire protection. In the case of complex organisations and functions. Analyses of business processes and the economic impact on occurrence of risks form the basis for the systematics of disaster recovery planning. with alerting lists. step by step. In order to act properly in crisis situations. being presented as checklists. or legally prescribed disaster recovery plans (technical instructions. no company has to start completely from scratch. address lists and decisionmaking aids. In most cases they will already have process manuals based on certifications. auditing and developing the BCP. entails not inconsiderable expense and can take between three months and two years. plans. equipment. the business recovery plan and the IT recovery plan. The result should be a group-wide business continuity guideline that defines the key data of BCP and which the entire Board of Management approves as a binding requirement.

The text should be divided into short blocks.2.Developing crisis strategies: Disaster recovery plans Planning tools In view of the complex correlations and floods of data found in companies nowadays. however.4. it is essential to use computers to document BCP.5 Fire flow chart 4. so that even people with only slight knowledge of the facts can implement the crisis plan quickly under extreme conditions.3 Assessment of the event 3.1 Description of crisis management team 2. A large range of suitable programs are now available on the market.2 General procedure when crises occur 2.9 Technical fault flow chart 4. and – handy at all times. or in the private sphere.1.7 Evacuation flow chart 4. the recovery planner and systems produced by Strohl. With a loose-leaf collection. the crisis management plan (CMP). Network-based document management tools offer an alternative to these. Disaster recovery manual requirements The documentation in the disaster recovery manual ensures that. Instructions should be provided in the form of checklists. Markings like points and colours serve to guide the reader’s eye. Cross-references that cause the reader to lose valuable time leafing through the manual are to be avoided. The site-specific contingent plan could be structured as follows.2 Bomb threat flow chart 4. for example. alternative locations. Diagrams.1 Bioterrorist attack flow chart 4. are used (the designation is incomplete and without rating). Standard office software is the cheapest and most widely-used solution.3 Alerting routine 2. Crisis management plan Site-specific contingency plan (manual) Table of contents 1 Introduction 2 Overview of disaster recovery organisation 2. Standard-weight paper would definitely be too thin.g.4 Burglary/property damage flow chart 4. However. in the right sequence. care must be taken to use highly stable paper that will not become tattered. from an online version on the company server or from an external operator’s “black sites”). log and graphics functions in particular are needed. A note at the start of the Disaster Recovery Manual should indicate where other copies are kept – preferably at more than one. It is important that it should be worded concisely and in clear language. the text retrieval. in the event of an incident.2 Overview of operational management 2. – easy to update (e. largely protected place.1 Overview of crisis management team 2.2. The most suitable form of manual is a loose-leaf collection that can easily be updated.1. – practical (checklists). In the US.10 Accident/epidemic flow chart 24 Munich Re Minimising business interruption losses . organisation charts and sketches help make things easier to understand.1 Alerting procedure 3. The key to success here is the way that the BCP structure is systematically built up. The site-specific contingent plans should be drawn up following a uniform structure defined by the BC management but adapted to the individual conditions of each location.1 Emergency equipment 2. The detailed plans are drawn up in workshops together with areas of a company that are particularly critical in the event of a business interruption.1. by the designated persons and with suitable means. processing data electronically is no substitute for a manual. In order to draw up a disaster recovery manual. as are long-winded background information and arguments.6 Natural event flow chart 4.1. all activities are carried out at the right time.3 CO2 alert flow chart 4. but they have the disadvantage that some of them are extremely expensive. The manual must therefore be – user-friendly and easy to understand. Business continuity master plan The master plan is made up of the site-specific contingency plan (SSCP). allowing documents to be edited and updated quickly and effectively.4 Classification form 4 Flow charts 4. the business recovery plan and the IT recovery plan. It is important that the systems should be easy to use and that one person can be appointed who knows the system’s possibilities and limits and can ensure its operability.8 Computer centre evacuation flow chart 4.1.1 Description of on-scene team 3 Information flow 3. Site-specific contingency plan A site-specific contingency plan that takes account of all the buildings is to be developed for each of the company’s locations.4 Crisis centre 2.2 Escalation levels and their trigger 3.

the head of the crisis management team is joined in the situation centre by the Department for Internal and External Communications.3. The crisis management plan includes the following: a.1 7. responsibility for the immediate initial measures in the event of an incident (e. The clear definition creates a common basis for cooperation between local branches and head office.1 7. with incidents it has proved useful to differentiate between Munich Re Minimising business interruption losses 25 .1 7. In practice. evacuation) lies either with the local branch or – to avert global economic loss by the company in the case of image crises. This crisis management team is also mobilised as soon as the local crisis management team is no longer able to handle a crisis at one location and it threatens to develop into a global crisis (see figures 13 and 14): Example of a site-specific contingency plan When an incident occurs which makes the company’s normal conduct of business impossible or impairs it considerably. A crisis is defined as such by the local crisis management team (see figure 12). Where the head office has a crisis management plan. thus allowing it to act quickly and unbureaucratically for the benefit of the company that has found itself in a crisis situation. where all the PCs in a building were down for several hours. for example – with head office. with the result that nothing could be produced. for example.4.5 7. for example. As the diagram shows. the head office’s crisis management team then goes into action. An incident is eliminated immediately and permanently within the line as part of incident management.7. for example.1 7. The crisis management manual Re a) Escalation criteria and crisis management teams The escalation criteria regulate cooperation between the local crisis management teams and their counterpart at head office. Where there is a crisis or business interruption at head office.4.4. and the business units that are reponsible for technical input.5. The escalation criteria and crisis management teams b. An “emergency” is when the prerequisites for vital or important business activities in an area of the relevant location are adversely affected for a limited period of time. “emergencies” and “crises”. this can serve as a basis for global crisis management with a higher-ranking global crisis management team at the head office location.3 7.3 7. first aid. The normal organisational and decision-making structures are then no longer sufficient to bring the situation under control. In the case of global companies.g.6 7. For this reason. It is therefore important to specify the precise time when head office must be informed or frequented.Developing crisis strategies: Disaster recovery plans 5 6 7 7. This would be the case. where a hall was unavailable for five days as a result of a small fire and the associated cleanup operations.4 7.2 7.7 7.8.1 7. Administration takes care of all the organisational and secretarial work required to maintain the crisis management team’s operational capability. where production location X was completely wiped out by a locally occurring natural disaster. Depending on the company philosophy.1 8 Escape and rescue routes plan for building XYZ Building parameters XYZ Checklists Bioterrorist attack/Operational management checklist Bomb threat/Operational management checklist Burglary/Property damage/Alarm tracer checklist Burglary/Property damage/ Operational management checklist Fire/Alarm tracer checklist Fire/Operational management checklist Fire/Engineering checklist Fire/Shift manager checklist Natural event/Alarm tracer checklist Natural event/Operational management checklist Evacuation/Operational management checklist Technical fault/Alarm tracer checklist Technical fault/Operational management checklist Accident/Epidemic/Company medical officer checklist Accident/Epidemic/Operational management checklist Appendix “incidents”. An emergency is established and dealt with by the local emergency management team.8 7. a local crisis management team is to be set up for each location to serve as an interface to the head office. as all those involved know what stage they are at and what steps have to be taken next. which manages building services and is concerned with implementing everything relating to safety within the company. the crisis management team is made up of the company’s most important departments. fire-fighting. Human Resources to manage employees.2 7. Cooperation between local crisis management teams and the crisis management team at head office c. the previously appointed crisis management team is summoned. This would be the case. IT as the backbone of the company. unclear regulations often hamper the effectiveness of crisis management. In this case. A crisis would be. An “incident” is when the prerequisites for the business activities in an area of the relevant location are adversely affected for a short time. Facility Management. A “crisis” is when a sudden situation brings the company to the brink of its capacity or poses a considerable threat to its very existence.

otherwise. who then has to decide whether or not to declare a crisis. Group subsidiaries and branches affected. this is reported to the head of the crisis management team. 11 Local crisis management model Incident/ Emergency Normal operation Yes Divisional Unit Info No Yes Manage crisis Whenever an incident or emergency occurs in the business unit.Developing crisis strategies: Disaster recovery plans Fig. the local crisis management team meets in the situation centre and initiates the necessary steps to deal with it. 26 Munich Re Minimising business interruption losses . Situation centre Administration Communications Facility management IT Human resources Units affected Re b) Cooperation between the local crisis management teams and head office’s crisis management team The crisis management team is in charge of and responsible for all activities involved in crisis management and emergency operation until the normal conduct of business has been restored. If the local crisis can be handled. (Global) Business Recovery No Coordinator for Divisional Unit or Head of Operational Management at Head Office or Incident Coordinator (IO) Head of the crisis management team decides whether or not to declare a crisis Mobilise crisis management team Handle incident/emergency Fig. He decides whether the incident/emergency can be handled locally or not. – Each CMT defines the areas and/or business processes that are affected by the crisis. – The CMT is concerned only with the exceptional situation of the areas or processes affected. normal operation is gradually resumed. In the cases of crises that cause business interruptions. If there is a serious incident. normal operation is resumed. the following basically applies: – The head office’s CMT is authorised to issue instructions to all the business units. The local CMTs are authorised to issue instructions within their remit. if there is a genuine crisis. the competence of the line organisation remains. the business recovery coordinator or head of operational management at head office is informed. The team then starts to deal with the crisis. It bears responsibility for decisions and the resulting measures and consequences. If it can be. 12 Crisis management team model for the company’s local branch without head office Head of the crisis management team In the event of a local crisis. the crisis management team must be mobilised.

the CMT is responsible for the following: – Decisions and management of the crisis and/or the business interruption – Gathering. employees. supervisory authorities and the media – Introducing and ensuring organisational. or whether the request from the head of the local CMT can be delegated back to the local CMT. business partners. escalation – i. Munich Re Minimising business interruption losses 27 . 14 Model of the crisis management team for the head office Head of the crisis management team The head office’s CMT has exactly the same structure as the local CMT. technical and constructional measures appropriate to the situation – Introducing and implementing transitional and disaster recovery procedures in a controlled way – Matters relating to environmental protection and waste management – Providing support with determining and clarifying the cause of the loss (possibly in cooperation with insurance companies. should meet to avert a possible crisis for the company. 13 Global crisis management model Local crisis End crisis No Local CMT Manage crisis The head of the local crisis management team decides whether the local crisis should be escalated to the head of the CMT at the head office. Situation centre Administration Communications Facility management IT Local team Human resources Units affected When it comes to crisis management.e.e.) In the case of potential crises or business interruptions. etc. owing to lack of any global impact on the company. the only difference being that Facility Management has an on-scene team at head office for dealing with local loss or damage. evaluating and disseminating information from and for customers. transfer of responsibility to the next level up – is carried out at the head office location by the global business recovery coordinators of the business units present in the company (see BCP matrix organisation) or by the head of operational management to the head of the crisis management team.Developing crisis strategies: Disaster recovery plans Fig. i. He decides whether the CMT at head office. Transfers the escalation from the local CMT to the head of the CMT at head office Head of CMT Yes Mobilise head office’s crisis management team Global crisis Fig. police. the global crisis management team. as only he can foresee whether a global crisis can develop.

Advantage: premises and furniture available.1 Members of crisis management team 4. Advantage: decentralised and ready for use at all times. Advantage: costs not affected.4 Checklist for secretariat 5. In the case of serious damage.2 Alerting requirements of the alarm organisation 4 Basic information 4. Other 6. Crisis management manual Table of contents 1 Introduction to crisis management 2 Organisational structure of crisis management 3 Escalation and alerting 3.1 Overview of follow-up measures (24 hours to 1 week) 4.2 Assessment of the event 4. etc.3.1 Crisis centre I 4. Re c) Crisis management manual The crisis management manual serves as a guide to managing crisis situations for the crisis management team concerned.1 Checklist for head of crisis management team – Calling together the CMT 5.3. The disaster recovery procedure is set out step by step and in the same detail as that for escalation and alerting in the crisis management manual. for example in meeting rooms.6 Checklist for press officer 5.2 Checklist for assistant head of CMT 5. the head of the local CMT refers the crisis to the head of the CMT at head office. – Use of MDAs (multimedia digital assistants).5 Checklist for disaster recovery officer 5.4 Overview of immediate measures (0 to 24 hours) 4. there are in practice the following possible solutions: – Job sharing: existing jobs are done by several employees working shifts. Advantage: completely independent of area and location. organisation charts and flow charts help make the recovery plan easy to understand. Disadvantage: very high cost of providing laptops and setting up the IT infrastructure. with efforts being made to restore operation of the core activities as soon as possible.3 Checklists for putting crisis centre into operation 4. – Setting up emergency workplaces. the disaster recovery process starts.9 Checklist for infrastructure coordinator (General Services) 5. Business recovery plan Parallel to management of the risk. 28 Munich Re Minimising business interruption losses . the structure and members of the crisis management team. for example through additional hardware and software being required and the high frequency of moves.7 Checklist for human resources coordinator 5. project-oriented solutions including scheduling should be developed.3 Checklist for legal coordinator 5.2 Crisis centre II 4. The resumption of business operations takes its cue from the company’s priorities. The latter decides whether or not to summon the crisis management team and arranges for the required members of the CMT to be alerted.1 Escalation model 3. delivery times for replenishment orders. Graphic design. training rooms. The following questions are to be taken into account in business recovery planning: – Has a suitable process been selected for analysing the procedures? – Have people been appointed to develop solutions? – Do security arrangements exist with external partners? – Is internal and external communication about the disaster recovery ensured (checklists)? – Has provision been made for regular training and tests? In order to maintain jobs and guarantee business operations.4. that is to say the business functions determined in the business impact analysis.10 Checklist for representatives of divisional units affected 6. the loss of which would threaten the company’s continued existence. It defines the most important tasks in crisis management. For the business recovery plan.1 Pocket Guide to Crisis Management Example of the layout of a crisis management manual The crisis management manual also contains lists of people and companies that may be of vital importance in a crisis situation. – Setting up home-office workplaces.5 Important telephone numbers 5 Crisis management team checklists 5.Developing crisis strategies: Disaster recovery plans With local crises that can develop into a global crisis from one company location. longer recovery periods would have to be contended with on account of relocations.8 Checklist for assistant human resources coordinator 5. the alerting and escalation procedures. Disadvantage: high administrative expenses. Disadvantage: PCs and additional infrastructure required. the crisis centre and the checklists for the individual roles within the crisis management team.

Warm solutions: Provision of resources.1 Technical requirements 4.7 10. All the measures for restoring IT functions are described in an IT recovery plan.4 11.1 Notification lists 5 Checklists for restart of XYZ Department 6 Other Example of the layout of a business recovery manual IT recovery plan 1. The results of the recovery planning are documented in a manual that may look something like the following: Cold solutions: Procurement in an emergency.3 11.1 Overview of follow-up measures (24 hours to 1 week) 4. Munich Re Minimising business interruption losses 29 .2 3.4 Overview of immediate measures (0 to 24 hours) 4.1 3.6 10.6. All the hardware and software needed to manage a crisis is held in readiness.3 Emergency workplaces 4.5 3.4 3. with what. hardware and applications Control rooms and meeting points Dealing with the media IT continuity management IT crisis management team Emergency response teams Emergency response team leaders Data-storage emergency response team Network emergency response team Client emergency response team Server emergency response team Production emergency response team Security emergency response team Return teams Subordinate measures List of damage Logging of emergency response Post-processing of disaster management Adapting documentation Eliminating causes Removing provisional arrangements Supplementary documents Appendix IT recovery plan These days. The reaction time from the crash is between four and 24 hours.1 10. This is understood to mean a second computer centre that belongs to the company and has exactly the same status as the original computer centre.6 1.1 3.6.3 1. by whom.1 Members of crisis management team 4.2 1.2 2.6. Important telephone numbers 4.4.1 Escalation model 3. The IT recovery plan lays down all the measures for restoring the IT infrastructure.3 3.4 10.6 3.2 10.2 Critical restart times 4. Restoring the IT infrastructure is therefore almost always the first step following any business interruption.3.1 Crisis Centre I 4. how and in what order business operations can be resumed following a business interruption.3 3 3.5 10. Business recovery (manual) Table of contents 1 Introduction 2 Disaster recovery organisation for XYZ Department 3 Escalation and alerting 3.5 1.2 3.6.4.6 12 13 Introduction Purpose Scope of application Distribution list Maintenance and up-to-dateness Responsibilities General conditions Definitions Basic information Restart requirements Failure scenarios Emergency preparedness strategy General computer centre information Company’s computer centre Computer centre security Security access control Power supply Uninterruptible power supply Mains backup system Air-conditioning supply Basic operating information Production computers Operating times Standby times Incident and problem management procedures Storage media Data backups and outsourced archives Emergency documentation Availability of personnel.5.2 Emergency working materials (reference files) 4.6.2 Overview of long-term measures (1 to 4 weeks) 4.6 4 5 6 7 8 9 10 10.4 1.3 3. The mirroring is carried out at regular intervals. This is understood to mean premises solutions with or without computers.4.1 11.2 Alerting requirements 4 Basic information 4.1 2. They break down as follows: Hot solutions: Clustering and mirroring techniques.6. 1.7 2 2.1 1.4 3.4.8 11 11.3. it should be clear where.2 3.2 11.5 3.5 11.1. The technical measures in the area of IT recovery are virtually endless and vary according to the restart time that is needed or has to be observed. for example empty offices. mobile data halls or containers.1 3.3 10.Developing crisis strategies: Disaster recovery plans At the end of the recovery planning. canteens. most businesses and production techniques are so heavily dependent on IT infrastructures that any interruption in IT hardware or software services renders the normal conduct of business or production impossible.5. The reaction time from the crash is about one to three days (depending on the size of the company).

.

and implementing them in an emergency could do harm rather than good.1 4. types of exercises. machinery and equipment are modernised. staff change. The following list gives an example of the content of a MEAD plan: MEAD 1 2 2. Besides constant updating. The results and all the revisions of procedures. Test alarms and – even more comprehensively – simulation drills then keep the BCP strategy alive. form part of a process of continual improvement. Tests. For reasons of objectivity. Any errors and weakness in the plans drawn up will show up at the latest when an imaginary loss is tried out. In order to deal in a structured way with the predetermined features of a crisis in a test.3 5 5. To ensure that the maintenance.5 4 4.2 3 3.1 2. training. Audit and Development (MEAD) manual.2 5. the BC management checks whether the rules agreed beforehand are complied with in the individual business units and whether the BC organisation and BC set-up tally with the actual planning. Because they are very expensive.3 3. auditing and development of business continuity planning are also actually carried out. audits and simulations are the supreme discipline of business continuity planning.1 3. simulations tend to be confined to particularly critical processes and functions. crisis management plan and business recovery plan Documentation Developing Building up a network of experts and exchanging experiences Training and further training Adaptation to the prevailing state of the art in each case Development of a business continuity software tool Other 4.2 3.2 Introduction Maintenance (upkeep and changes) Ongoing maintenance and adaptation of the entire local and global BC organisation Adaptation of the system to new risks discovered in the course of loss prevention measures Exercising Exercising intervals. Munich Re Minimising business interruption losses 31 . It appears advisable to hold training courses and exercises about once a year. a script is written which is analysed following the exercise. Procedures alter. the action plans would be obsolete in a relatively short time.3 5. people not directly involved in developing BCP should do the analysis. exercising. it is also necessary to create awareness of the importance of BCP among employees at all levels. Internal and external audits are also used to ensure the quality of BCP. The exercises are thus a kind of quality assurance and have the effect of getting all those involved used to the stressful situation of a business interruption and minimising the problem of reaction time. Exercising. as such. To this end. it must be regularly updated.4 3.4 6 Example of the layout of a Maintenance.Rehearsing for the real thing: Testing and developing the BCP The best business continuity planning can fail in an emergency if it is not constantly adapted to current conditions and regularly practised. as part of its responsibilities. the tasks and responsibilities associated with these must be established. organisations and data (all the way down to changed telephone numbers and room numbers) go into updating and further developing the tools and. Otherwise. To ensure that BCP also actually works in a crisis situation. exercise locations Scenarios Assessment Documentation Exercise reports / Lessons learned Audit Developing auditing procedures and methods Worldwide auditing of business continuity planning: site-specific contingency plan. Training courses and seminars are suitable for this.1 5.

.

business interruption insurance contributes to a company’s economic recovery following a crisis. BCP regulates the preventive and reactive action to be taken in a crisis situation. should be avoided as far as possible. in particular. so it is essential to have a tailor-made business interruption insurance solution. Risks that are not transferred to the insurer. Why is BCP necessary in the first place when it is possible to obtain insurance cover for financial losses caused by business interruptions? How are BCP and business interruption insurance connected? When does BCP start and when do the benefits under a business interruption policy end? These are the questions that companies usually ask where business continuity planning and the arrangement of business interruption insurance are concerned. In short. The explanations given below should help clear up frequent misunderstandings about the purpose of insurance cover. By paying standing charges. of a fire).Transferring risks: Business interruption insurance Just as it is necessary to have holistic business continuity planning individually tailored to the company in question. Munich Re Minimising business interruption losses 33 . for what amount business interruption cover is needed is determined with the help of a business impact analysis.g. but it is still not being consistently implemented enough. even where a business interruption policy pays out for consequential loss arising from the event. The need to incorporate BI insurance into the company’s risk management is something that many risk managers have now recognised. it is important to carry out BCP to ensure that no critical points are overlooked. It is all a question of finding a sensible combination. It is thus all the more important that a good risk manager should understand how to use both tools – BCP and BI insurance – together in a sensible way. But even where a company has arranged business interruption insurance. taking account of the worst-case scenario. by means of BCP. Whether and. because they are not insurable or the entrepreneur does not want the cover. there is a danger that a company can no longer recover from a major incident. Insurance therefore offers no guarantee that a company will actually survive a crisis. For with ill-conceived recovery measures. the cost of necessary loss minimisation measures and the profits lost. or at least reduced. whereas business interruption insurance is aimed at covering the consequential financial loss of selected hazards (e.

however. Other costs in respect of measures that do not directly reduce the consequential loss (e. under a basic business interruption cover. these expenses are insured only to the extent that they actually help reduce the insured consequential loss. The normal standing charges that still have to be paid and cannot be reduced c. Overheads. 34 Munich Re Minimising business interruption losses . in order to avoid underinsurance. Business interruption insurance essentially covers three main areas: a. although these can increase in subsequent years through the expansion of business activities or higher sales. are reimbursed only where it is legally necessary or economically justified to continue paying them. The (loss minimisation) costs incurred in order to reduce the duration and extent of the business interruption loss Point c includes.Transferring risks: Business interruption insurance Fig. the operating result during the period of interruption – the period during which operations were disrupted by the business interruption – is compared with the result that the business would have achieved had the business interruption not occurred. It is then the job of business interruption insurance to make good this loss of profits (profit lost and other costs arising as a result). The insured consequential loss therefore corresponds to the lost operating profit and the money spent on (fixed) standing charges. extra shifts. it is only possible to refer to values of previous business results. special PR activities) can also be insured as required. particularly where periods of indemnity in excess of 12 months are arranged. but for a limited amount. Overheads and operating profit. can cause an appreciable reduction in production or service. Gross profit lost Actual gross profit (with BI loss) Basis for BI insured value Period of insurance Liability period ? Reserve loading as a consequence of expected increase in turnover Occurrence of property damage Main features of BI insurance The object of business interruption insurance is the consequential loss arising in a business as a result of property damage. The result is a direct purely financial loss or a loss of profits. however. It is therefore important to adjust the sum insured upwards. overtime. This should put the company back to where it would have been if there had been no consequential loss. In order to calculate the consequential loss.g. the cost of temporary buildings and hired machinery. for example. What is decisive is that.15 Determining the BI sum insured Gross profit Business result in the last financial year Gross profit over comparative period Adjusted gross profit At the time a BI policy is arranged. Property damage caused by fire. are indemnified only to the extent that the policyholder could not earn them as a result of the interruption. or even a total business interruption. or extra costs for airfreight. This means that the indemnity is limited to the economic benefit (so-called economic limit). The net profit that would have been made if there had been no consequential loss b. for example.

and its amount determines the cost of the insurance for the insured company. Munich Re Minimising business interruption losses 35 . availability of workers. overtime. Costs Profit 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 Loss Calculating the probable maximum business interruption loss (PML) The probable maximum loss (PML) as a result of business interruption in the period of indemnity resulting from the loss must be determined taking account of the worse-case scenario (see glossary for definition). To avoid underinsurance. seasonal production or turnover) – Duration of interruption (time needed to restore buildings and replace or repair production equipment and machinery. accelerated replacement of operating supplies and raw materials) – Risk of contingent losses through dependence on third companies (level of dependence. level of business interruption risk of those third companies. leading to a business interruption loss. the sum insured generally has two meanings. special shifts. existence of standby equipment) – Loss-minimisation measures during the period of interruption (increasing production in parts of the business unaffected by the loss. dependence on computer systems. the operating overheads rise again sharply in order to get back to the full commercial readiness that existed prior to the loss. depending on the business. the operating overheads can no longer be earned. outsourcing of production to third companies.Transferring risks: Business interruption insurance Fig. type of production process. Determining the insured value is therefore a prerequisite for setting an appropriate sum insured. On the one hand. extensions of cover in respect of contingent losses [cf. shift of production. existence of bottlenecks. the immediate impact on a business interruption loss can vary considerably. Once production has been resumed (technical readiness to operate). This will be significantly influenced by a flow of goods that is still intact (stocks. the circumstances that are decisive for calculating the PML in property insurance are also to be taken as the starting point for the business interruption PML. The sum insured is usually geared to the value of the insured interest. As soon as this flow is reduced or lost altogether. On the other. once the property damage has occurred.16 Determining the sum insured Turnover Occurrence of property damage Technical readiness to operate Commercial readiness to operate When property damage occurs. probability of loss of clients/market as a result of the loss. As the insured business interruption must normally be caused by property damage. temporary equipping of operating departments. sale). the insured value should constantly be adjusted and checked again in the event of a loss. The following risk features can have a decisive influence on the business interruption PML: – Internal interdependencies – Seriousness of the business interruption risk (property damage risk exposure. processing. it forms the basis for calculating the premium. they do not give any information about the possible size of the consequential loss that only develops over time. section “Coverage extensions”]) Sum insured For the insurance policy. it sets an upper limit to the indemnity payable by the insurer and has a considerable influence on the intensity of the insurance cover. However. and is therefore largely dependent on the time element. reduction of costs.

therefore also influences the amount of the value insured. rented or leased. the loss of market share may also be included. it is particularly important for the risk management process to show ways in which these risks can be countered (e. Where for these and similar cases no insurance solutions are possible that can deal with the company’s requirements in a tailor-made way. the period of indemnity applies until a company is ready to operate commercially again (so-called “economic recovery”). through self or external financing. for example) can also trigger the BI insurer’s obligation to indemnify. for a period of indemnity (see next section “Limiting the term of the insurance cover”) of 12 months the sum insured corresponds to one year’s gross profit. Prerequisites for an insured business interruption loss As already mentioned. Under the system of cover applying in the USA. risks arising from new technologies or also financial risks that are unconnected with property damage. which corresponds to the time when the state of being technically ready to operate again is reached. however. even if the resulting disruption of operations and the business interruption loss only become apparent later. however. reserves). the business interruption loss is indemnified only during the “restoration period” of the damaged or destroyed property. Insurability of entrepreneurial risks There are. which means that for a period of 24 months it is doubled. With basic business interruption cover the period is 12 months. Consequential property damage (as a result of fire. in BI insurance the future insured values must be forecast. Under the European form of cover. Business interruption insurance therefore also assumes liability for the consequences of property damage in cases where the destroyed production facilities are loaned. acquired under reservation of ownership or assigned by way of security to third parties. Of late. however. It is necessary for property damage to have occurred at the operating unit named in the policy. The occurrence of the property damage is normally what triggers the cover. This is the case where – the losses do not occur by chance but are foreseeable.g. – the probability of a loss occurring cannot be assessed. for example.Transferring risks: Business interruption insurance Business interruption insurance is a full-value insurance. The period of indemnity. it is necessary to limit the insurer’s liability not only in terms of amount but also in terms of time. 36 Munich Re Minimising business interruption losses . however. The items affected by the property damage need not be owned by the insured company either. In the case of longer periods of indemnity. the basic prerequisite for indemification under standard business interruption cover is that there should be a causal link between the business interruption and the property damage. fixing the right sum insured is very demanding. for example. This also includes items of property that have been hired or loaned. When the cover ends is handled quite differently on the individual insurance markets. which means that the value of the insured operating profits and standing charges must be determined as accurately as possible in order to fix the sum insured. Unlike in property insurance (for which the values of the present apply). that is to say the future profits. i. it has also become possible to extend this period by a few months. that is to say the maximum period of time agreed in the insurance policy for which the insurer is liable following the occurrence of a loss. Examples of such “entrepreneurial risks” are internet. Taking as an example here the system of cover applying in Germany and the UK. It is enough if the item of property in question is used operationally or is intended to be so. or – the loss potentials exceed the insurer’s ability to pay. as they cannot be handled by means of underwriting. environmental and product risks. Liability ends no later than upon expiry of the contractually agreed indemnity period. This property damage must have occurred at the operating unit (insured premises) specified in the insurance policy and affect an item of property used operationally. Limiting the term of the insurance cover Because of the special time dimension of business interruption insurance. The property damage need not therefore be direct damage. the sum insured is multiplied accordingly. The period of indemnity normally runs from when the property damage occurs. on the other hand. certain risks that insurers cannot assume.e. As the business trend of the company that is to be insured is subject to fluctuations. but it can be extended to up to 36 months if required. The place of origin of the loss occurrence can be anywhere else.

000 €500. as correct calculation of the loss is then barely possible any more. Without going into more detail on the topic. which is subject to a variety of influences. It is absolutely essential that the loss be reported to the insurer without delay so that the insurer can jointly keep track of the measures taken to minimise loss and influence them wherever possible. as they would otherwise lose considerable market shares in the long term. normally the last three years’ accounting records. inventories and balance sheets must be available. and a real challenge in the case of major incidents. the calculation of a BI loss can be presented in simplified form as follows: Calculation of business interruption loss Presumed turnover (without loss) – Actual turnover (despite loss) = Lost turnover – Variable costs = Gross profit lost + Loss minimisation costs – Fixed costs saved = BI loss €1. Munich Re Minimising business interruption losses 37 . It is therefore not unusual to call in a neutral expert chosen by both parties to determine the BI loss. police). or not possible at all. which leads to a significant interruption.Transferring risks: Business interruption insurance Insured company’s obligations Time is money! For business interruption losses and all measures for minimising loss. with or without intervention by the authorities (fire brigade. it can lead to reductions in the indemnity paid or even to the insurer being released from its duty to indemnify. Determining the business interruption loss Determining the loss under business interruption insurance is a very complex task. Where this obligation is not met.000 Coverage extensions Below we briefly explain the most important extensions of cover that can be incorporated into business interruption insurance. In order to be able to assess the actual BI loss properly. the policyholder’s accounting records form the basis for calculating the loss. for example in the case of newspaper printers. Such a situation will arise above all with companies that have to maintain at least part of their operations at all costs. Settling claims correctly requires broad experience and expertise. especially in operational matters.000 €500. One essential principle of BI insurance is therefore also that the policyholder undertakes to resume operations as quickly as possible in order to limit the business interruption loss.000 €250. Because business interruption insurance covers purely financial loss. Denial of access This extension of cover relates to access to the insured premises being possibly hindered or rendered impossible as a result of property damage in the near vicinity.000 €200. this maxim is of fundamental importance. bakeries.000 €100. certain commercial undertakings and especially service enterprises. The main reason for this is that the subject-matter of a BI policy consists not of values that are already available but of the insured company’s future earnings that cannot be generated in the event of a loss. the insurer cannot get an overall picture of these extensions.000.000 €300. They can therefore only be included in the insurance to a limited extent on a first-loss basis (see glossary for definition). The documents must be kept in such a way that they cannot be destroyed during a loss event. which means that they are very difficult to quantify. Additional increased costs of working These are loss minimisation expenses that exceed the economic limit and therefore no longer reduce the insurer’s liability.000 €50. Because of possible loss accumulations and/or unknown risks. Here it makes no difference whether the insured business or the items of property located in it are damaged or not. however.

Additional costs for delays on account of orders under public law (conditions imposed on rebuilding or operation) Following insured property damage. incur considerable additional costs that significantly increase the business interruption loss (e. can even paralyse it completely and cause further huge costs (recommissioning of machinery. Loss of earnings as a result of a business interruption loss caused by a power failure and preceding property damage to insured items can be insured with an extension of cover if the loss was caused by a failure of the public supply of electricity. go into more detail here about the particular features and contents of the individual products. Germany and the UK). in the absence of safety concepts (e. so-called “interdependency losses” are included in the cover under standard BI insurance. customers (also suppliers of customers). payroll processing firms or independent warehouses. in many cases the true extent of such conditions only becomes apparent when there is a loss.). both operating sites A and B must be mentioned in the insurance policy. gas or telecommunications services. etc. emergency power generators). provided the laws or orders forming the basis of the conditions imposed had come into force before the loss occurred. as a result of conditions imposed by the authorities. Insurance products for business interruption Below you will find a list of the standard business interruption insurance products usual in the market. Tailor-made BI insurance solutions The explanations and definitions given are generally based on BI insurance solutions that are available as standard products on the individual insurance markets (here.Transferring risks: Business interruption insurance Contingent losses Contingent losses arise as a result of property damage in an outside company or at a policyholder’s business location that is not documented in the policy. An interdependency loss is where property damage occurring at the insured company’s operating site A leads to a business interruption at its operating site B.e. however. as well as “homegrown” terms and conditions expressly offered by insurers. companies that are not owned by the insured company. and more or less standard insuring clauses. The risk of additional costs as a result of legal orders is often not recognised or massively underestimated. These are recognisable from the prerequisite of property damage. i. goods destroyed during the production process. Failure of public utilities Power failures in particular can severely disrupt a business and. which can only be insured in the form of an extension. 38 Munich Re Minimising business interruption losses . The additional costs incurred as a result are insurable. insured perils defined in the same way. the company may. the neighbourhood or the site location). through impairment of the environment. Property damage at such a company that has dealings with the policyholder can lead to a decline in or loss of sales at the insured company without it having suffered any property damage. For cover to apply.g. may be suppliers (also suppliers of suppliers). Unlike contingent losses. It should therefore be noted that deviations from usual market practices by insurance brokers can exist. We do not. water. “Outside companies”.g.

flood – Sociopolitical risks – Pollution. unlike in all risks covers where all risks that are not expressly excluded (list of excluded perils) and are the consequence of “accidental. each insured peril is individually enumerated and defined. contamination – Losses as a result of official orders and provisions All risks versus named perils covers: In named perils covers. Munich Re Minimising business interruption losses 39 .Transferring risks: Business interruption insurance Standard business interruption insurance products usual in the market Property insurance – Fire BI insurance (Germany) – Loss of gross profit (UK) – Loss of revenue (UK) – Gross earnings form (USA) – Business income (USA): · including extra expense · without extra expense · Extra expense only – Contingent BI insurances: · Failure of public utilities · Interdependency and contingency losses · Access restriction · Rebuilding restrictions as a result of orders under public law – Stand-alone increased cost of working insurances (additional increased costs of working) – Machinery loss of profits – Electronic equipment BI – Building interruption – Advance loss of profits (ALOP) Engineering BI insurances – Machinery loss of profits – Computer and software BI – Advance loss of profits Business closure insurances – Closing of company by authorities owing to epidemic risk Marine consequential loss insurances Remarks Most insurance products do not cover consequential business interruption losses arising from: – War events of any kind – Terrorism – Nuclear risks (special solutions for nuclear power plants) – Entrepreneurial risks – Currency and exchange rate risks – Computer viruses – Occurring events that are not sudden and unforeseen – Events that are not preceded by property damage Special risks whose insurability must be examined very closely: – All natural hazards like earthquake. unforeseen physical damage” are insured. windstorm.

draws up a crisis plan setting out step by step all the measures required to deal with the emergency and get the business up and running again after an interruption. The business continuity planning that is integrated into the company should certainly be supplemented with business interruption insurance covering the financial consequential losses that arise when specific risks occur. international and global companies but also that it is an urgent requirement for small and medium-sized enterprises (SMEs) as well. Such plans are of little use. This will enable the company to tackle and manage incidents in a coordinated and structured way. Because of the extremely complex subject matter. To avoid having to suffer any serious losses or being squeezed out of the market altogether. however. if they are not tested for their fitness at regular intervals and adapted to processes of change. It is not enough. to confine oneself to purely technical and organisational possibilities of risk management. irrespective of whether this turns out to be major or minor. To this end.Summary For most companies. These days. The insurance industry has professionally competent advisers available for this who can work out and offer a solution that will satisfy all the parties involved. every company management should set great store by forward-looking risk management and support its implementation at all levels. realistic risk that a company might be faced with (“thinking the unthinkable”) and establish approaches for minimising possible losses. we would point out that not only should BCP be obligatory for large. a business continuity team. In this connection. the consequences of a business interruption can mean ruin. Such enterprises are particularly at risk with regard to liquidity and availability of financial resources. it is advisable to agree a business interruption insurance solution that is adapted to the individual operating requirements. 40 Munich Re Minimising business interruption losses . The best way of counteracting incidents that cause financial losses – and one that we therefore urgently recommend – is by sensibly combining the two preventive tools of BCP and BI insurance. made up of company employees. however. The aim of these activities is to identify every conceivable. no company can afford to be cut off even for just a short time from activity in the market as a result of an incident.

The assessment period ends at the point in time when there is no more business interruption loss. Business continuity guideline Binding guideline for carrying out business continuity planning Business continuity management (BCM) Procedure for safeguarding the business continuity process in the company Business continuity master plan Part of the business continuity guideline that describes the individual types of plan: – Site-specific contingent plan (see below) – Crisis management plan (see below) – Business recovery plan (see below) – IT recovery plan (see below) Business continuity MEAD (maintenance. Assessment period The assessment period is a term from industrial fire business interruption insurance and is used to determine the insurance value. Business continuity strategy The business continuity strategy defines the way in which the company can be protected against emergencies and crises in the medium term (approx. It should be noted that the assessment period is fixed differently from market to market. and upon expiry of the period of indemnity at the latest. Business impact analysis (BIA) The BIA is the cornerstone of BCP. audit and development) Maintenance. the presumed operating profit and the standing charges that the policyholder would have generated in the last 12 months without the business interruption are taken into account (= insurance value). property and assets in the sense of added value are worked out. exercising. As part of the process. 2–4 years) or long term (approx. tests. exercises. targeted procedures for maintaining operations and protecting persons. Based on a survey of senior management.Glossary The following definitions form the basis for communicating about business continuity planning and business interruption insurance. and described in detail. 4–8 years). The business continuity strategy is based on the company’s vision and guiding principles. audits and further development of the business continuity process Business continuity planning Synonym for business continuity process Business continuity process The business continuity process is a management process that identifies the possible consequences that can endanger a company. Munich Re Minimising business interruption losses 41 . the relevant business processes and the ones at risk of failure are defined in terms of their importance and impact. Prior to this time.

– providing support in determining and clarifying the cause of the loss (including insurance companies.g. It is responsible for decisions and also for the measures and consequences resulting from them. supervisory authorities and the media. Disaster recovery manual The disaster recovery manual contains all the plans that are of relevance in a crisis situation.). technical and constructional measures appropriate to the situation. – introducing and ensuring organisational.g. Emergency An emergency is when the prerequisites for carrying out important business activities in an area at the company location in question are impaired for a limited period of time. Crisis management team The crisis management team is the management team for all the divisions affected. e. – introducing and implementing transitional and disaster recovery procedures in a controlled way. i. without it having suffered any property damage itself. Emergency workplaces Alternative workplaces that are made available for a unit’s emergency operation First loss Where insurance on a first-loss basis is agreed.g. every loss is indemnified up to the amount of the sum insured. Any underinsurance is therefore not taken into account. employees. Business recovery All measures to get the business up and running again following an outage or interruption Business recovery plan Plan describing all the measures to get the business up and running again following an outage or interruption Contingent losses Contingent losses arise as a result of property damage at an outside company (or at a policyholder’s business location that is not documented). In property insurance. Crisis management plan Plan describing the most important measures to be taken by the relevant crisis management teams when dealing with a crisis. In particular. Crisis A crisis is a suddenly occurring situation that can bring the company to the limits of what it can cope with or pose a considerable threat to its existence. loss minimisation expenditure is insured under basic BI cover only to the extent that it also actually helps to reduce the insured business interruption loss. regardless of whether the sum insured corresponds to the insurance value of the insured items of property at the time of occurrence of the loss. evaluating and disseminating information from and for customers. until the resumption of normal business operations has been ensured. payroll processing firms or independent warehouses. As described in the site-specific contingent plan. The normal organisational and decision-making structures are no longer sufficient to master a crisis. the immediate initial measures following the occurrence of an “emergency” or “crisis” (e. A crisis is defined as such by the local crisis management unit. suppliers (also suppliers of suppliers). first-loss insurance is usefully employed where it would be excessively difficult to calculate an insurance value (cost items). a prerequisite that the facility location involved belongs to a company that supplies products to the policyholder. The local operational management establishes that there is an emergency and deals with it. Outside companies are companies that are not owned by the insured company. Economic limit The payment of indemnity is limited to the economic benefit. business partners. customers (also suppliers of customers). evacuation) are the responsibility of the operational management and are thus not part of the crisis management.Glossary Business interruption All internal and external events that lead to interruption of the actual business and have an immediate and sustained effect on the company’s economic situation. etc. however. Crisis management Management process of the management team designed to maintain the company’s ability to act in a potential or acute crisis. it involves: – gathering. firefighting. 42 Munich Re Minimising business interruption losses .e. the site-specific contingency and evacuation plans. first aid. police investigations. It is. crisis management plan and also the business and IT recovery plans. e. Contingent losses lead to a decline in or loss of sales in the insured company.

Property damage occurring at operating site A can thus lead to a business interruption at operating site B. Site-specific contingent plan Plan describing all the immediate measures following an emergency or crisis in buildings. Interdependency losses Many businesses or firms have several operating sites (firms belonging to the group). Site-specific contingent planning All the measures used immediately after the occurrence of an emergency or crisis to protect human life. Threat analysis Exposure analysis that considers all the conditions and processes of relevance to business interruption in a holistic examination of the company Underinsurance Where the sum insured is lower than the insurance value at the time of occurrence of the insured event (underinsurance). only that part of the loss is indemnified that bears the same ratio to the overall loss as the sum insured bears to the insurance value. IT recovery All measures to get the IT up and running again after an outage or interruption IT recovery plan Plan regulating all the measures to get the IT up and running again after an outage or interruption Local business recovery coordinator In international companies. Incident coordinator The person responsible for the site-specific contingent planning and crisis management planning at the company location in question Insurance value See “Assessment period”.Glossary Global business recovery coordinator In companies that operate internationally. PML PML stands for “probable maximum loss” (cf. this is the person responsible for the objectives and orientation of the business recovery procedure in the relevant division. Period of indemnity The insurer is liable for any business interruption losses normally arising within 12 months following occurrence of the property damage. these so-called interdependency losses are also insured. Incident An incident is the brief impairment of the prerequisites for the business activities at the location in question. calculated in monetary terms. Indemnity = loss x sum insured/insurance value Worst-case scenario The maximum possible loss occurrence. an application or an IT system needs to function again properly in accordance with the operational requirements. Operational management Disaster recovery organisation at the relevant company location that is mobilised in an emergency as part of the site-specific contingent plan. that can affect a company as a result of a specific risk. This period is known as the period of indemnity. Munich Re Minimising business interruption losses 43 . material assets and property. Restart time The restart time is the time a process. the section “Calculating the probable maximum business interruption loss” on page 35). a unit. It is eliminated immediately and permanently within the line as part of incident management. As long as both operating sites are listed in the insurance policy. Escalation to the company’s crisis management is carried out by the operational management. this is the person responsible for the objectives and orientation of the Business Recovery Procedure in the relevant Division at the location in question. It is possible to agree longer periods of indemnity.

org.2 Disaster recovery plans.ffiec. Berlin.org FFIEC (Federal Financial Institutions Examination Council): www.gov NFPA 1600 (National Fire Protection Association): http://www. MR Risk Management and Industrial Insurance Workshop (2007): Case Study TMC. Edgar: Leitfaden der Feuer-Betriebsunterbrechungs-Versicherung [Guide to fire business interruption insurance]. Heidelberg. New York: Springer-Verlag. B. June 14 –15.uk DRI (Disaster Recovery Institute): www.com Martin Wullschleger Underwriter Corporate Underwriting Property Tel.: http://www. 2nd edition 1976.Authors Dr.: +49 (89) 38 91-52 18 Fax: +49 (89) 38 91-7 52 18 E-mail: mwullschleger@ munichre. Heyen.3. V. Munich: www. U. Workshop RIMS Fellow Workshop (2004): Disaster Planning. (Editors) (2003) Business Continuity. Karlsruhe. Bartlett. Internet links BSI (British Standards Institution). M. Gerhard Schmid Head of Section Casualty Risk Consulting Tel.munichre.com Literature Books HB 221:2003 Business Continuity Management by Standards Australia. Naujoks. Montreal (Quebec). Business Continuity Planning and Management. Sydney 2004..org PAS 56/BS25999: www.com The Business Continuity Institute: http://www.rims.bsi.org Risk and Insurance Management Society.gov NIST (National Institute of Standards and Technology): www.: +49 (89) 38 91-98 69 Fax: +49 (89) 38 91-7 98 69 E-mail: gschmid@ munichre. item 6..thebci. Wieczorek. www.com/de/service/connect/general_ services. Inc.org 44 Munich Re Minimising business interruption losses .drii. ISO/TS 16949 QualityManagement Systems in the Automotive Industry.nist.nfpa. Verlag Versicherungswirtschaft e.. Standards Australia International Ltd.pas56.

com Picture credits Getty Images . Gerhard Schmid Tel.com Martin Wullschleger Tel.munichre.: +49 (89) 38 91-0 Fax: +49 (89) 39 90 56 http://www.: +49 (89) 38 91-98 69 Fax: +49 (89) 38 91-7 98 69 E-mail: gschmid@munichre.© 2008 Münchener Rückversicherungs-Gesellschaft Königinstrasse 107 80802 München Germany Tel.com Responsible for content Corporate Underwriting Person to contact Dr.: +49 (89) 38 91-52 18 Fax: +49 (89) 38 91-7 52 18 E-mail: mwullschleger@munichre.

© 2008 Münchener Rückversicherungs-Gesellschaft Königinstrasse 107 80802 München Germany Order number 302-05697 .

Sign up to vote on this title
UsefulNot useful