2012年10月17日星期三

HKQAA Seminar on ISO 22301 Business Continuity Management System

The Seminar on ISO 22301 Business Continuity Management (BCM) System was organized by Hong Kong Quality Assurance Agency (HKQAA) on 16 Oct 2012. The seminar aimed to introduce the new ISO 22301 standard and provided the worldwide insights of BCM.


The first speaker was Mr. PC Chan (Chief Operating Officer, HKQAA) and his presentation named "ISO 22301:2012". In the beginning, he quoted Bill Clinton statement that "We live in a completely interdependent world, which simply means we can not escape each other."


Then Mr. Chan briefed what crisis we faced such as Financial Crisis, Climate Change, Uneven Distribution of Wealth, etc. After that Mr. Chan shared Case studies for Crisis Management. The first good example was "The Hong Kong MTR Arson Case" in 2004. It used only 26 minutes to handle the case and without life loss. The other similar case was happened in Taegu Metro, Korea. There were 198 people die.


Mr. Chan quoted Jack Welch Five Stages of Crisis Management for our reference.
1. Denial (不承認)
2. Containment (將問題轉移他人)
3. Shame-mongering (自我保護,互相指責)
4. Blood on the floor (危機造成嚴重影響)
5. Crisis get fixed (危機終於得到解決)

If most every crisis followed the above pattern, why don't we manage them better, or even prevent them?
Sudden Crises and Smouldering crises are briefed. Then ISO 22301 model was introduced which was similar to ISO 9001 PDCA process approach model and fully compatible to ISO 14001 and OHSAS 18001. The life cycle concept to implement BCMs were mentioned. The most different to change was Organization's Culture.


Risk assessment should understand the internal and external environment, as well as, your stakeholders in which separated into primary and secondary stakeholders.


Mr. Chan used the book "Our Iceberg Is Melting" to conclude the presentation, indicating that we needed to take action now!

The second speaker was Ms. Dorothy Chan (Representative of Hong Kong Association of Risk Management & Safety (HKARMS)) and her presentation topic was "Preparing for the Unexpected - Business Continuity Management".


Ms. Chan explained the conceptual model and the concept of "Crisis Management", "Business Continuity" and "Disaster Recovery".


After that she introduced seven stages to prepare BCM below.
Stage 1 - Identify and Prioritise Business Processes
Stage 2 - Risk Management
Stage 3 - Business Impact Analysis
Stage 4 - Business Continuity Strategy Development
Stage 5 - Business Continuity Plan Development
Stage 6 - Business Continuity Plan Testing
Stage 7 - Business Continuity Plan Maintenance


She also briefed the implementation process of Business Continuity (BC) Plan below.
a) Activation of BC plan
b) Notification of BC plan implementation
c) Call out of implementation team
d) Maintain communications internally and externally
e) Information analysis and management decisions
f) BC strategies
g) Strategy review and situation updates
h) Business or operations resumption

The third speaker was Mr. Frank Chow (Chairperson, Professional Information Security Association (PISA)) and his topic entitled "Case Study in Business Continuity".


Firstly, Mr. Chow introduced the "Initial Interruption Management" diagram, which involved different organization functions and activities.


Then he explained the Interruption Period which affect our business recovery.


After that Mr. Chow shared the case study of Boeing during Seattle Earthquake in 2001. It was found only 20 employees injured but non-serious, 75,000 employees sent home. Operations came to halt and damage of headquarter building, telecom equipment, facility and Boeing field (airport), etc.

Mr. Chow briefed the three elements of Busincess Continuity in which Boeing had done so as to minimum the loss during earthquake.
1. Catastrophe risk assessment
2. Business Continuity Planning
3. Exercising staff and other resources to ensure awareness and preparedness

The Business Continuity Planning included the following items.
a) Plan objectives
b) Structured Management Response
c) Safety of staff and facilities
d) Communication
e) Contingency facilities
f) Staff
g) Regulatory authorities
h) Customers
i) Suppliers

Q&A Session
Activate criteria of the BCP must be defined and the responsibility person should be senior management such as CEO, COO, etc.
Role of internal BCM auditor was checking the compliance of the BCM system.


Reference:
HKQAA - http://www.hkqaa.org
Hong Kong Association of Risk Management & Safety (HKARMS) - http://www.hkarms.org/
Professional Information Security Association (PISA) - http://www.pisa.org.hk/
My prevision training on the Implementation of Business Continuity Management - http://qualityalchemist.blogspot.hk/2008/10/implementation-of-business-continuity.html


沒有留言:

發佈留言