Scenario:
NexTech Innovations, a dynamic tech startup located in Seoul, South Korea, is renowned for its advancements in artificial intelligence and robotics. Serving a global clientele, NexTech encountered a sudden obstacle when a critical supplier abruptly ceased operations, disrupting their supply chain and threatening their ability to deliver products on schedule. Recognizing the need for resilience, NexTech initiated the implementation of a robust business continuity management system (BCMS) based on ISO 22301.
NexTech's top management established a project team of five members and appointed Rebecca, the lead operations manager, as the project manager. The BCM team was tasked with the effective implementation of the BCMS in line with ISO 22301 requirements. Rebecca worked with the top management to analyze the internal context of the company to define the BCMS scope, focusing on assessing and determining who is responsible for coordinating and managing activities at different organizational levels.
The project team divided the implementation project into smaller tasks, identifying the personnel, equipment, and materials needed for each. Rebecca personally handled resource allocation to implement and support the BCMS. Meanwhile, the top management ensured active involvement and commitment at all levels of the organization to enhance the BCMS's effectiveness.
Rebecca and the team drafted and published the business continuity policy on the company’s website. However, some employees found the technical jargon challenging to understand, so comprehensive training sessions were held to address this issue. These measures strengthened NexTech’s resilience and enhanced client trust by proactively addressing potential disruptions.
Rebecca allocated the necessary resources for implementing and supporting the BCMS. Is this in compliance with ISO 22301?
Scenario:
Prebank is a multinational financial institution. Its services include banking and investing through banking centers, ATMs, and mobile banking platforms. With millions of clients, Prebank's database systems record vast amounts of data and transactions daily. Its main activities depend on the ability of its employees to access clients' data through its database system at any time.
Recently, Prebank's database system stopped working unexpectedly. Soon after, it was discovered that this disruption was caused by the maintenance work on the road outside the company's office building. During the road repair, the workers had unintentionally damaged a water pipe that leaked into Prebank's basement. This leakage affected the company's electrical infrastructure, resulting in a loss of power, which shut down equipment and computers in the server room. Consequently, employees were unable to access Prebank's database system.
After this incident, the employees immediately notified Prebank's IT team. Subsequently, the IT team informed both the maintenance company responsible for the roadworks and the insurance company. The company responsible for maintenance told Prebank's IT team that the maintenance team was not available for the day. Since Prebank did not have a plan for responding to similar disruptions, they had to stop working and go home. Thankfully, the maintenance team arrived at the scene on the next day and made all the necessary repairs, allowing Prebank to resume all its operations.
Following these events, Prebank decided to change its strategy and procedures to prioritize business continuity planning within the company. Its main focus was to address the root cause of disruptions to improve business continuity. As such, the top management decided to implement a Business Continuity Management System (BCMS) based on ISO 22301.
After setting the company's business continuity objectives, the company established a project team, including a project manager and four additional team members. The BCM team was responsible for managing the BCMS implementation process, whereas the top management was responsible for the effectiveness of the BCMS. Through analyzing potential risk scenarios, the team defined Prebank's business continuity strategy as well as the resources for supporting business continuity within the company. This enabled the team to predict the impact of disruptions caused by various incidents, such as power outages. Following these actions, the company established a business continuity plan to manage disruptions effectively without impacting the workflow.
The effective implementation of the BCMS helped Prebank not only minimize losses and ensure continuity in its services but also absorb and adapt to a changing environment.
What does ISO 22313 emphasize regarding business continuity management?
Scenario:
Alex, the project manager of the BCMS implementation project at Company ZY, developed a process to identify the required resources for establishing the BCMS. He discovered that the company lacked a well-integrated communication and information system and also needed additional office space to accommodate new hires.
What resources did the company need?
What is an aspect to consider when managing records?
Scenario:
Teleconn, a UK-based telecommunications provider, initiated a BCMS based on ISO 22301 to ensure reliable and consistent services. To monitor the BCMS’s performance, the internal audit function was outsourced to a company specializing in auditing services. The outsourced internal auditor was given unrestricted access to employees and documented information necessary for an effective audit.
According to Scenario 6, considering that the review occurred during a regular management meeting rather than a specially scheduled session, the top management did not find it necessary to document the results of the management review. Is this in accordance with ISO 22301?
What should be avoided in the business continuity policy?
According to ISO 22301, what should the top management ensure when establishing the business continuity policy?
What benefit can an organization obtain from a BCMS, from a business perspective?
What does measurement refer to?
Scenario:
Headquartered in Sri Lanka, Operons Inc. is a freight forwarding company that adopted a BCMS aligned with ISO 22301. Prior to the certification audit, Operons Inc. measured gaps between their BCMS and the standard's requirements to ensure compliance. The certification body was contracted to conduct the audit, and a biased auditor from a previous ISO 9001 audit was replaced uponrequest. During the audit, two minor nonconformities were identified, and the audit team issued a recommendation for certification.
Before the audit activities were scheduled to begin, Operons Inc. measured any gaps between the BCMS and the requirements of the standard. What did it conduct in this case?
