is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Strengthening the links: business continuity in the supply chain
20 Sep 2011
Topics: Business continuity, Risk management, Supply chain, Outsourcing, BCM
In today's interconnected business environment, continuity of supply is no longer just about taking care of your own business continuity management.
When a critical supplier lets you down, the consequences to your own business can be dire. How can companies best tackle continuity in the supply chain and what does the future hold?
The supplier of raw materials or components; the outsourced IT provider, facilities company or contact centre; the logistics people who take care of distribution; the critical partners of your own critical partners - each is an essential component in your ability to maintain business continuity. But how can organizations reduce the risk of things going wrong? "You must focus on supply chain continuity as one of the major parts of an effective business continuity plan," says Tim McGarr, BSI's Sector Content Manager for Risk and Business Continuity.
Yet, seemingly, it's still too seldom that business continuity management (BCM) takes adequate account of the supply chain. Research from the Business Continuity Institute (BCI) indicates that, taking large and small companies together, nearly a quarter had no plans to cope with disruption to their supply chain or outsourcing suppliers.
Of those who did insist on their supplier having BCM in place, 18 per cent accepted a statement to that effect from their suppliers without further evidence, 27 per cent asked only to read the plans and a further 27 per cent had no idea how the plans were verified. The BCI commented at the time: "This is an alarming gap in the continuity planning of many businesses."
An increasing risk
Given that today's supply chain is more fragile than ever, this is worrying. It's always been the case that suppliers are generally smaller and leaner than their customers, and therefore have fewer resources to draw on if an incident occurs. But this leanness has been exacerbated by the economic downturn.
Added to that is the fact that supply chains have become longer and more complicated: they may rely on out-of-region raw materials; run just-in-time inventories; operate extended hours; or be stretched by growing regulatory requirements, all of which makes them less robust. They may well have responded to cost pressure by cutting out waste, including wasted time - so the movement of goods, services and information has sped up, leaving less slack to fix issues before they become critical.
That said, the biggest change in supply chains in recent years seems to be the rise of outsourcing, which further extends the supply chain and multiplies complexity. Colin Ive is the principal consultant at CoDRIM, a leading business resilience consultancy, and a BCM expert with more than 30 years' experience. "Incidence of things going wrong are becoming all too common, and I believe a great deal of this comes from outsourcing," he notes.
Ive points out that, back in the day, if the lights went out, the on-site maintenance man would replace the fuse fairly quickly. Today, it's often necessary to log a call with the outsourced facilities management company, who in turn may well log a call with their specialist outsourced electrical maintenance company. They will come and replace the fuse, but time is lost in the interim. "Doing it this way saves money," says Ive, "but people also need to accept the continuity risk, and the more you outsource, the longer the supply chain will be."
Moving it forward
Surely that's what service level agreements and contracts are for? Yes and no, says Ive. "You can have SLAs, but they have to be good enough. A failure might penalise a supplier £500,000, but if the disruption costs you £5m then it's not sufficiently robust to protect your organization."
According to Ive, buyers need to understand the business impact that failure of key suppliers has. They need visibility of prospective suppliers' business continuity capabilities in order to make risk-aware purchasing decisions that are not solely based on price and speed.
Visibility seems to be an important point. "In BCM planning you have to identify where the risks may lie, share your concern with that exposure and work on what you can do together to mitigate it," says Paul Stanfield, Product Marketing Manager EMEA for BSI's Entropy® Software solution. "First, identify the risk, then create a dialogue and visibility of the issue towards some resolution or at least mitigation of the issue."
Entropy® Software, he says, is very effective in enabling this. "Anyone can do a risk assessment," says Stanfield, "but the question is do you trust that? We now see companies using their own internal audit team, or proxy auditors like BSI, to assess where people are up to with BC planning, how they exercise the plans to ensure all procedures are documented and actions closed off. All of the audit process, procedures, testing schedules and reporting can be placed within Entropy and both the supplier and purchaser can have full visibility. And, because Entropy is web-based, loss of a facility doesn't stop you accessing that information 24/7 from any internet-enabled location."
Business continuity management
Suppliers can provide the necessary visibility or, at least - when there is concern about sensitive information in the BCM - present a body of evidence that shows when a plan has been put together, that it's regularly updated and tested with exercises.
Meanwhile BS 25999, the business continuity management systems standard, provides a structure for all BCM activity. Ive notes that BS 25999 is a well recognized and accepted standard across the world, and third-party certification provides an effective short-cut to proving that BCM is best practice and fit for purpose. It also gives certified suppliers a valuable marketing tool.
The standard pays attention to the supply chain, asking users to "determine what BCM arrangements are in place" within "suppliers and outsourced partners on whom critical activities depend". "In reality, that's huge," says Lorna Anderson, BSI's Global Scheme Manager for BS 25999. "It's only one part of the BC system, but people need to look at the strategies that are in place for dependent suppliers and how they would deal with the loss, and to assess the threats in the supply chain."
Additionally, in response to calls for more guidance on the BC aspects of the supply chain, BSI is working on PD 25222. Due to be published before the end of 2011, it will be a companion document to BS 25999 and provide practical methods for understanding and applying BCM in third-party relationships.
Incidentally, BSI also now provides supply chain security solutions that enable secure, resilient and well-managed supply chains. Its online Supplier Compliance Manager© assessment tool provides risk-based global supplier screening that provides intelligence on supply chain security exposures in 212 countries. BSI's Supply Chain Solutions also provide supplier research, analysis, guidance and training to support organizations with supply chain security, and especially supply chain regulatory compliance.
Growing trend
Meanwhile, both Ive and Stanfield are noticing a new and growing trend in supply chain management - a move towards far greater transparency and integration between suppliers and their customers. "In the past, people were happy to accept statements about BCM, but as a result of a growing number of incidents that's no longer the case," says Ive. Stanfield concurs, characterising it as "a massive change". "It's now much more about building partnership relationships with critical suppliers, with two-way visibility. I'm not saying it's yet the norm, but it's very much the trend."
And it does look like a trend that is set to continue, as everyone involved sees the benefits. Suppliers gain the reassurance that they are engaged in long-term stable relationships. Their customers see that transparency promotes ethical sourcing and reduces reputational risks; it can reduce the costs of compliance; it leads to asset- and cost-efficiencies and customer service improvements and it drives the growth of innovation as suppliers come to you - and not your competitors - with new ideas. In other words, sustainable supply chain relationships lead to competitive advantage. This is also good news for reducing the business continuity risks in the supply chain.
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
OCS, an international facilities services group based in the UK, has achieved triple certification to ISO 9001 Quality management, ISO 14001 Environmental management/ and BS OHSAS 18001 Health and safety management with BSI.
Airbus in the UK has achieved certification to BS 25999, the Business Continuity Management (BCM) standard, following an audit from BSI. The certification covers Airbus? wing manufacturing site in Broughton, North Wales and becomes the first aerospace manufacturing company to receive certification to this standard by BSI.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
Monarch Airlines chooses BSI for its European Union Emission Trading System (EU ETS) verification
Monarch Airlines has selected BSI as its provider of verification services against the requirements of the EU ETS directive. This comes in response to the industry's requirement to monitor its CO2 emissions and demonstrate compliance with the directive by submitting a verified annual emissions report by 31 March every year from 2011 onwards.
We are under increasing pressure to comply with a growing number of regulations and to maintain growth - while under greater scrutiny than ever before. How can this be good for business?
We are all in the risk management business. In the current climate, as consumers we are encouraged to claim compensation or sue for damages for almost any negative incident we encounter.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
