Business Continuity:

For When Things

Go Badly Wrong
Kelompok 9:
Ahmad Alvarian Adnan 1806226733
Prasetyo Seno Pambudi 1806226664
Denzel William Mandela 1806226670
Raden Rizky Herfianda 1806226084
01 03
OBJECTIVES RESULTS ANALYSIS
Here you could describe Here you could describe
the topic of the section the topic of the section

02 04
METHODOLOGY CONCLUSIONS
Here you could describe Here you could describe
the topic of the section the topic of the section
When things
go badly
wrong
 WHen things go badly wrong

1. Despite precautions, things can go badly wrong

2. Contingency plans are most effective and needed
3. Examples: robbery, reducing staff members
4. “Black Swan” phenom
The biggest threats
 01 White 03
Collar crime mismanagement

Sources of crisis

02 Defects 04 extreme
and recalls weather
 Slow-burn vs catastrophe

1. What does ‘slow-burn’

mean?
2. Not all crises are sudden
3. What’s the difference?
 The causes: management or the unexpected

- ICM also believes that most crises stem from management rather
than employees or the environment. Terrorist activities and natural
disasters are responsible for few corporate headlines.
- Corporate scandals, white-collar crime, defects, recalls and other
management issues are responsible for half of all crises.
Crises by industry
 What drives continuity management?

- Whatever it is, it tells us what plan

we need.
- Organizations must test their
emergency planning
TAKING Steps to
minimize a crisis
1. Set goals
2. INtroduce forecasting and scneario planning

Many successfull companies fall when they stay with

the formula that helped them grow and dont notice the
trends or forecast the changes that will reduce the
sales of their products.

As the name implies, it gets the company to plan for

several different future possibilities. It is a “WHAT IF”
exercise. It asks questions like:

- What if the price of raw materials doubled?

- What if we lost our two biggest customers?
3. Identify the risks
We need to identify which parts of business are critical

These are the example of the some parts that are critical:

- TECHNOLOGY : This include computers, telephone, plant and equipment.

- INFORMATION : Most companies of any size depend on database, especially for processing sales,
managing operations, and paying staff. When that information become corrupted, a crisis can ensue

- OPERATION : This includes operations carried out by suppliers, contractors and business partners

- PEOPLE : Do any member of staff perform unique roles? If they were leave or die , would mission
critical activities stop?

- PREMISES : Do you have premises which, if you were denied access to it, would cause the business a
big problem? Some divisions cannot work from home and need a specific workplace

- SUPPLIES : If the business cant get its component, output comes to a standstill
4. Assign roles and responsibilities

Someone must take responsibility for continuity.

There are four levels of activities :

- APPOINT A WORKING GROUP : a working group will be tasked with devising

a contunuity strategy and allocation resources

- NOMINATE A DIRECTOR : We should give a Board director to ensure that the

plan is carried out

- NOMINATE A BUSINESS CONTUINITY MANAGER : This might be the risk

manager or a line manager (for example, production director)

- OTHER ROLES AND RESPONSIBILITIES : Departmental Heads must be

responsible for contunuity in their own areas.
5. Prepare an Emergency plan

Risk management
&
Business
continuity
5. Prepare an Emergency plan
Plan sections

Terdapat beberapa sections melihat dari jenis krisis yang ada:

1. Product of service quality failure

2. Environmental pollution
3. Health and safety accident
4. Human resource incident (ex: suicide)
5. Fire and explosion, including loss of buildings, telephones and so on
6. Security failure
7. Fraud
8. Financial crisis
9. IT or internet failure
10. Industrial relations problem
11. Problems specific to the business
12. Other problems affecting corporate repurtation (ethical failure)
5. Prepare an Emergency plan
Headings

OBJECTIVES Assumtions dependencies Invoking the plan

Relation between emergency plan with Who has the authority to invoke the
What is the purpose of this part of
some factors plan?
plan?

ACtion contacts resources Communications CHecklist

What needs to be done? Contact details of relevant staff List of relevant documents Who should be contacted?
Who will do each job? members, emergency services, and/or (ex: building blueprint)
appropriate business partners
5. Prepare an Emergency plan
Essential characteristic of the plan

Beberapa karakteristik yang penting untuk ada pada plan yaitu:

1. Versioned : updated
2. Relevant format : A4 (for paper)
3. Slimline : dalam bentuk yang simple (tidak tebal)
4. Accessible : available untuk semua yang membutuhkan
5. Communicated : telah didiskusikan dengan orang-orang yang terlibat
6. Tested : teruji dan updated
5. Prepare an Emergency plan

Escalating the response according to severity

SEVERITY
THE PACE METHOD

1. Primary
2. Alternate
3. Contingency
4. Emergency
6. Control or Mitigate the risks

Monitoring, accepting and improving risks

Decide how they should be controlled
7. Testing the plan: practising emergency procedures

Points of testing the

plan:
1. Should be carried out an
inconvenient time
2. The scale
3. Implement it without delay
4. Early Communication
 BUILD A LONG-TERM RELATIONSHIP WITH
THE MEDIA
A good relationship with the media will ensure that, should a crisis ever occur,
the organization can expect a fair hearing. It also ensures that journalists will
expect the best rather than the worst, when it comes to news about the company.

If the company builds trust with the media, they are less likely to write
damaging articles if a crisis occurs. Journalists will find it difficult (though not
impossible) to write accusing articles if they have only ever received useful,
honest and accurate information over a long period.
Continuity Management
and ISO 22301
ISO 22301 is a management standard for business
continuity. It is designed to help you deal with
corporate-level risks (loss of power for several days),
rather than operational ones (such as a brief internal
IT failure).

The system has five main clauses (numbered 4–10),

which are shown in the next slides. To aid
comprehension which we have placed them in a chart
after the clauses in a sequence that hopefully makes
more sense to the reader.
 CLAUSE 4 & 5
CLAUSE 4: SETTING THE
ORGANIZATION IN ITS CONTEXT
You need to identify the organization’s main
products and services, and its areas of high
risk. This will let you to design a suitable
BCMS.
*Business Continuity Management System’s
(BCMS)
CLAUSE 5: MANAGEMENT NEEDS TO
LEAD
As with other management standards such as
ISO 9001, the organization’s management
needs to be engaged. It should do the
following:
• set a continuity policy and objectives;
• ensure the system reflects the needs of the
organization;
• integrate the system into the organization’s
business processes;
• provide resources and people for the BCMS;
• communicate the importance of BCM;
• ensure that the BCMS achieves its expected
outcomes;
• ensure continual improvement.

CLAUSE 6: PLAN FOR
CONTINUITY
You should show how the system will
manage the risks identified. The system
must:
• be consistent with your business
continuity policy;
• ensure the minimum level of output
that will permit the organization to
achieve its objectives. In other words,
when a crisis occurs, what needs to
carry on working?
• be measurable;
• take into account applicable
requirements (for example legislation); •
be monitored and updated.
CLAUSE 6, 7, 8
CLAUSE 7: SUPPORT
The organization must allocate competent
staff to operate the system, and ensure
they are trained. The system must specify
how it will communicate the system
internally and externally. Relevant
procedures must be documented.
CLAUSE 8: OPERATION
Having made its plan, the business must
now implement it. This requires the
following:
• carry out a risk assessment;
• implement a strategy that will allow
the business to continue operating after a
crisis – the business should write
procedures as to how that will happen;
• carry out exercises and tests, to ensure
the system is working.
 CLAUSE 9 & 10

CLAUSE 9: EVALUATING CLAUSE 10: IMPROVEMENT

PERFORMANCE

The business needs to: Improve the system through corrective and
• carry out internal audits to ensure the preventive actions. Typically, the
system is working; management review will require changes to
• evaluate the results of those audits at be made to the organization’s processes and
management reviews. procedures.
 BAGAN THE MAIN CLAUSES OF ISO 22301

1.
 Continuity Software

Off-The-Shelf BCM Crisis management software

Programs suppliers should include:

• Sunguard, sungard.co.uk • risk assessment;

• Clearview, clearview-continuity.com
• RSA Archer, emc.com
• Recovery planner, recoveryplanner.com
• Metric Stream, metricstream.com
• Continuity Logic, continuitylogic.com
• Strategic BCP, strategicbcp.com
• business process maps;
• continuity or recovery plans;
• inventory of assets and personnel; • list of
suppliers;
• exercise plans and reports.
 RISK ASSESMENT
By answering the questions on the left side, you
can assess the company’s vulnerability to business
continuity. Score one point for every ‘Yes’ answer.

Score: 0–3 points: high risk. 4–6 points: moderate risk.

7–10 points: low risk.

The Appendix has a summary of the checklists. By entering the

results of this one, you can compare the scale of business
continuity risk against other categories of risk.
THANK
You
CREDITS: This presentation template was created by
Slidesgo, including icons by Flaticon, and
infographics & images by Freepik.