Professional Documents
Culture Documents
02 04
METHODOLOGY CONCLUSIONS
Here you could describe Here you could describe
the topic of the section the topic of the section
When things
go badly
wrong
WHen things go badly wrong
Sources of crisis
02 Defects 04 extreme
and recalls weather
Slow-burn vs catastrophe
- ICM also believes that most crises stem from management rather
than employees or the environment. Terrorist activities and natural
disasters are responsible for few corporate headlines.
- Corporate scandals, white-collar crime, defects, recalls and other
management issues are responsible for half of all crises.
Crises by industry
What drives continuity management?
These are the example of the some parts that are critical:
- INFORMATION : Most companies of any size depend on database, especially for processing sales,
managing operations, and paying staff. When that information become corrupted, a crisis can ensue
- OPERATION : This includes operations carried out by suppliers, contractors and business partners
- PEOPLE : Do any member of staff perform unique roles? If they were leave or die , would mission
critical activities stop?
- PREMISES : Do you have premises which, if you were denied access to it, would cause the business a
big problem? Some divisions cannot work from home and need a specific workplace
- SUPPLIES : If the business cant get its component, output comes to a standstill
4. Assign roles and responsibilities
Risk management
&
Business
continuity
5. Prepare an Emergency plan
Plan sections
1. Versioned : updated
2. Relevant format : A4 (for paper)
3. Slimline : dalam bentuk yang simple (tidak tebal)
4. Accessible : available untuk semua yang membutuhkan
5. Communicated : telah didiskusikan dengan orang-orang yang terlibat
6. Tested : teruji dan updated
5. Prepare an Emergency plan
SEVERITY
THE PACE METHOD
1. Primary
2. Alternate
3. Contingency
4. Emergency
6. Control or Mitigate the risks
If the company builds trust with the media, they are less likely to write
damaging articles if a crisis occurs. Journalists will find it difficult (though not
impossible) to write accusing articles if they have only ever received useful,
honest and accurate information over a long period.
Continuity Management
and ISO 22301
ISO 22301 is a management standard for business
continuity. It is designed to help you deal with
corporate-level risks (loss of power for several days),
rather than operational ones (such as a brief internal
IT failure).
You should show how the system will The organization must allocate competent Having made its plan, the business must
manage the risks identified. The system staff to operate the system, and ensure now implement it. This requires the
must: they are trained. The system must specify following:
• be consistent with your business how it will communicate the system • carry out a risk assessment;
continuity policy; internally and externally. Relevant • implement a strategy that will allow
• ensure the minimum level of output procedures must be documented. the business to continue operating after a
that will permit the organization to crisis – the business should write
achieve its objectives. In other words, procedures as to how that will happen;
when a crisis occurs, what needs to • carry out exercises and tests, to ensure
carry on working? the system is working.
• be measurable;
• take into account applicable
requirements (for example legislation); •
be monitored and updated.
CLAUSE 9 & 10
The business needs to: Improve the system through corrective and
• carry out internal audits to ensure the preventive actions. Typically, the
system is working; management review will require changes to
• evaluate the results of those audits at be made to the organization’s processes and
management reviews. procedures.
BAGAN THE MAIN CLAUSES OF ISO 22301
1.
Continuity Software