BCM Presentation - March 2015

Business Continuity Management

Paul Marsden – Group Business Continuity Manager

Business Continuity - Planning ► BCM Definition (BS ISO 22301)

– “holistic management process that identifies potential

threats to an organization and the impacts to business

operations those threats, if realized, might cause, and

which provides a framework for building organizational

resilience with the capability of an effective response

that safeguards the interests of its key stakeholders,

reputation, brand and value-creating activities”

Business Continuity - Planning

► Best practice from ISO 22301 – Business Continuity Management systems

– Keepmoat BCM Policy, Procedures, Plans, Business Impact Analysis cover critical business functions including supply chain reviewed through internal audits, desktop tests and live exercises.

– Project Business Continuity Plans set out how continuity of business will be achieved under various business disruption events including the Disruption of the Supply of Materials. The Plan will include an indicative schedule of test and review dates.

– All BCPs are reviewed as part of the Annual Management Review.

Business Continuity - Planning ► Business Continuity Planning

Business Continuity - Planning

► Business Continuity Planning

Business Continuity - Process

► All Hazards Approach to Disruption Events

– Keepmoat adopt an ‘all hazards’ approach addressing the consequences rather than purely the causes

– BCP linked to Clients’ Civil Emergency Plans to support the plans for Major Disaster and Civil Emergency.

– Key threat categories include; Loss of access to Buildings Environmental inc. external threats People – key staff and health epidemics IT – data, network and communications Combinations of the above


► All Hazards Approach to Disruption Events

Risk Assessment (RA)

Business Impact Analysis (BIA)

Business Continuity Plan (BCP)

Train, Test and Live Exercises

Rev

iew

& I

mp

rove


► Risk Assessment (RA)


► Risk Assessment (RA) - IT


► Risk Assessment (RA) - People


► Business Impact Analysis (BIA)

Business Continuity

► Business Continuity Plan

(BCP)– BCP Objectives– Roles & Responsibilities– Key Risks– Contacts– Invocation and BC processes– Tests and exercises’ schedule– Client Emergency Support


► Test & Exercises’ schedule

– Carried out in accordance with BS ISO 22398

– Tests verify recovery time objectives within BCP and test out crisis scenarios.

– Tests and exercise programmes based on risk assessment but as a minimum within:-

3 months desk top tests and 12 months ‘live’ exercises

Business Continuity

► Go Bags

Business Continuity – 4 key threats

► Disruption to IT & Data

► Systems redundancy inherent in Keepmoat approach– Co-location of IT infrastructure

– Distributed office locations► Data security maintenance► Regular systems testing and

resilience proving


► Disruption of Time essential Staff

– Succession planning– Trained deputies– Temporary delegation of authority– Prioritised BC support for designated staff


► Denial of access to office

– Staff work from home using secure IT– Pre-allocated locations in alternative Keepmoat

offices– Ability to rapidly move

to serviced offices


► Disruption of the Supply of Materials

– All Suppliers and Subcontractors are formally approved using stringent, due diligence processes.

– Alternative suppliers and Subcontractors available– Robust specifications for supplier materials ensure that

client requirements are met for each project.– Keepmoat carry out quality audits on supply chain processes and

individual companies to test robustness of supply including assessing their business continuity plans.

– Supply Chain will be analysed and assessed in accordance with standard PD 25222 using tests and live exercises

Business Continuity

► Thank you

► Questions?

BCM Presentation - March 2015

Documents