Policies for Business Continuity

    • #292551

      This SIG Member in the insurance industry is seeking some insights, advice, samples/examples, or other resources for refreshing their procurement operations (requisitions, purchase orders, invoices, catalogs, contracts) business continuity plan.

      Will you kindly take a moment to assist? 

      1. What kind of plan does your company have in place for addressing a disruption in business services or systems?

      2. What does it cover?

      3. Who developed it?

      4. How often do you audit and refresh?

      5. Can you share an example?

      As a reminder, SIG will gladly scrub and anonymize any donated tools, templates, or samples and remit for your approval before distributing. 

      Responses can be posted below and/or sent to [email protected]

    • #295684

      1. What kind of plan does your company have in place for addressing a disruption in business services or systems?

      1. Identification of critical systems that enable the prioritisation of what systems need to come on line first. For example, ones that manage critical infrastructure are first, but the ERP system for procurement activities would be last.

      2. What does it cover?

      1. Organization access vs localised access issues

      2. Impact of no access to building or infrastructure

      3. Who developed it?

      1. Business unit created their own for processes and how to maintain them and what to do in the event of network outages

      2. IT group managed the process for IT outage and how to bring on line

      4. How often do you audit and refresh?

      1. 2 years

       

    • #295685

      Would recommend they also ask for the type and location of failover backup facilities that are available to bring the requestor's company digital operations back up in a timely manner, i.e., 4 hours, 8 hours, 24 hours, etc.

    • #295686

      1. What kind of plan does your company have in place for addressing a disruption in business services or systems?

      BCM Plans need to include recovery strategies for 5 pillars that make up a service/function we provide to our external and internal clients.

      Various recovery strategies can get implemented. We assume an all hazards approach regardless of the cause of the disruption.

      Impact pillars:

      Loss of Building (Office and Home)

      Loss of Staff (20-40%) (Pandemic is a subset)

      Loss of Third Party

      Loss of Application

      Loss of Data

      Recovery Strategies:

      WFH, Work from Recovery Site, Transfer Work to different team, Transfer Staff to different office location, Manual Workarounds, Alternate Applications, Alternate Third Parties, re-prioritize workload.

      Disaster Recovery plans for applications contain runbooks, fail-over plans, etc. on application level.

      2. What does it cover?

      The BCM Framework is mandatory/applicable to the entire organization.

      3. Who developed it?

      The Framework is owned by the Risk Division and the implementation is with each business function. The program is aligned to ISO22301 and all specific regulations by the relevant regulators for our organization.

      An internally developed BCM Planning tool is in place to manage the BCM lifecycle. A tool for emergency notification is 

      4. How often do you audit and refresh?

      Review, refresh, test and approval of BCM plans is required at least annually. Audits and Exams happen constantly by internal Audit functions or external bodies like regulators.

       
