Scenario:
Teleconn, a UK-based telecommunications provider, initiated a BCMS based on ISO 22301 to ensure reliable and consistent services. To monitor the BCMS’s performance, the internal audit function was outsourced to a company specializing in auditing services. The outsourced internal auditor was given unrestricted access to employees and documented information necessary for an effective audit.
An outsourced company conducts regular internal audits of Teleconn’s BCMS. Is this acceptable?
Scenario:
Prebank is a multinational financial institution. Its services include banking and investing through banking centers, ATMs, and mobile banking platforms. With millions of clients, Prebank's database systems record vast amounts of data and transactions daily. Its main activities depend on the ability of its employees to access clients' data through its database system at any time.
Recently, Prebank's database system stopped working unexpectedly. Soon after, it was discovered that this disruption was caused by the maintenance work on the road outside the company's office building. During the road repair, the workers had unintentionally damaged a water pipe that leaked into Prebank's basement. This leakage affected the company's electrical infrastructure, resulting in a loss of power, which shut down equipment and computers in the server room. Consequently, employees were unable to access Prebank's database system.
After this incident, the employees immediately notified Prebank's IT team. Subsequently, the IT team informed both the maintenance company responsible for the roadworks and the insurance company. The company responsible for maintenance told Prebank's IT team that the maintenance team was not available for the day. Since Prebank did not have a plan for responding to similar disruptions, they had to stop working and go home. Thankfully, the maintenance team arrived at the scene on the next day and made all the necessary repairs, allowing Prebank to resume all its operations.
Following these events, Prebank decided to change its strategy and procedures to prioritize business continuity planning within the company. Its main focus was to address the root cause of disruptions to improve business continuity. As such, the top management decided to implement a Business Continuity Management System (BCMS) based on ISO 22301.
After setting the company's business continuity objectives, the company established a project team,including a project manager and four additional team members. The BCM team was responsible for managing the BCMS implementation process, whereas the top management was responsible for the effectiveness of the BCMS. Through analyzing potential risk scenarios, the team defined Prebank's business continuity strategy as well as the resources for supporting business continuity within the company. This enabled the team to predict the impact of disruptions caused by various incidents, such as power outages. Following these actions, the company established a business continuity plan to manage disruptions effectively without impacting the workflow.
The effective implementation of the BCMS helped Prebank not only minimize losses and ensure continuity in its services but also absorb and adapt to a changing environment.
BCMS implementation helped Prebank to absorb and adapt in a changing environment. What is this ability known as?
Scenario:
Belle, a food and beverage processing company, is dedicated to crafting products that meet customers' needs while promoting healthier lifestyles. Central to its mission is a commitment to upholding the highest food safety standards and ensuring the consistent quality of their offerings. From the initial stages of preparation through processing, packaging, and transportation, Belle maintains rigorous control over every aspect of food production.
Recognizing the importance of resilience in potential disruptions, Belle adopted a business continuity management system (BCMS) based on ISO 22301. By implementing this system, Belle aimed not only to ensure uninterrupted product delivery but also to enhance its reputation, foster customer confidence, and gain a competitive edge. To oversee the BCMS implementation, Belle appointed a dedicated business continuity project team responsible for leading the BCMS implementation project. It also assigned a business continuity manager responsible and accountable for the BCMS overall.
Before initiating the BCMS implementation, the BCM team conducted a thorough analysis of the stakeholders involved. Using specialized tools, they categorized stakeholders according to their influence, expected level of involvement, and anticipated contribution throughout the implementation of the BCMS and related activities.
Throughout the BCMS implementation process, Belle’s top management emphasized the integration of business continuity principles into existing processes, aligning them with the organization's strategic objectives. They developed the business continuity objectives and the BCMS scope. To ensure widespread understanding and adoption of the BCMS among employees, the BCM team developed an instructional video explaining the business continuity policy. Recognizing the unfamiliarity of employees with business continuity terminology, the team subsequently devised a comprehensive training program aimed at enhancing staff competence in BCMS matters. This initiative not only educated employees about the policy but also underscored the benefits of improved business continuity performance.
The organization also established evaluation methods to assess the impact of competence trainings. It measured the staff engagement and retention levels, as well as performance against training objectives.
As Belle continued to innovate and expand its product and service offerings, the organization revisited its BCMS scope to remain aligned with evolving priorities. Recent additions to the scope included a new department and two new products aligning with its updated business continuity objectives to enhance the safety of raw materials and key ingredients.
In response to potential disruptive risks, Belle established clear protocols outlining specific actions to be taken, assigning responsibilities, and defining criteria for evaluating the effectiveness of these measures. By proactively addressing risks and fortifying its resilience, Belle aimed to uphold its dedication to delivering safe, top-quality products while also safeguarding the interests of its stakeholders.
In Scenario 3, at which level did the organization evaluate the effectiveness of the training activities?
TESTED 18 Dec 2024
