A well-monitored supply chain is any business’s key to productivity and profit. But each link in that chain is its own entity, subject to its own ups, downs, and business realities. If one falters, every other link—and the entire chain—becomes vulnerable. Kildow’s book identifies the different phases of business continuity program development and maintenance, including: • Recognizing and mitigating potential threats, risks, and hazards • Evaluating and selecting suppliers, contractors, and service providers • Developing, testing, documenting, and maintaining business continuity plans • Following globally accepted best practices • Analyzing the potential business impact of supply chain disruptions Filled with powerful assessment tools, detailed disaster-preparedness checklists and scenarios, and instructive case studies in supply chain reliability, A Supply Chain Management Guide to Business Continuity is a crucial resource in the long-term stability of any business.
Related collections and offers
|Sold by:||HarperCollins Publishing|
|File size:||3 MB|
About the Author
Read an Excerpt
A Supply Chain Management Guide to Business Continuity
By Betty A. Kildow
AMACOMCopyright © 2011 Betty A. Kildow
All right reserved.
Chapter OneBusiness Continuity Basics
AS A RESULT of catastrophic natural and human-caused disasters that have occurred over the past two decades, coupled with increasingly stringent regulatory requirements, the interest in and need for business continuity has never been greater. For a large corporation or a small to medium-size enterprise, a business continuity program produces a level of resilience that enables the continuity or quick resumption of operations following any disaster. It is this capacity that ensures an organization's ability to safeguard the interests of stakeholders, stay competitive, and comply with regulatory requirements. In some cases, business continuity can mean the difference between life and death for an organization.
Supply chains are the lifeblood of organizations. This is most obvious for retailers, wholesalers, distributors, and manufacturers. However, it is equally true for all other types of companies and businesses, whether they are private sector, public sector, or not-for-profits, as well as for government agencies. And, while the product itself is different from that of companies that produce and deliver a tangible commodity, service providers also have their own supply chains in the delivery of their service to customers.
Linking organizations, industries, and even economies, these arteries of business are extremely complex. Although we think in terms of the generally accepted terminology supply chain, the terms supply network or supply chain system better describe these multifaceted operations. In today's demand-driven supply chains, products and information are rapidly flowing, at times simultaneously and concurrently, in order to ensure that products and services are delivered in the correct quantities, to the right place at the right time, at the required quality levels, and with the ongoing requirement that everything always be done economically. As customers, we require it. As suppliers and service providers, it is our company's mission.
To omit the supply chain from business continuity planning is to omit the arteries that deliver the lifeblood to all business operations and make it possible to produce and distribute our commodities and services and thus meet customer needs and requirements. If business continuity plans do not include strategies for continuing or rapidly restoring supply chain operations following a disaster or otherwise significant interruption of operations, it is almost a certainty that restoration of operations will be delayed or halted as an ad hoc approach is taken to reestablishing the supply chain.
What Business Continuity Is ... and Is Not
There is not yet one meaning of business continuity that is understood, accepted, and applied universally. There are both theoretical and the functional definitions, and the lines between them often become blurred. Chief among these are the definitions of business continuity and disaster recovery, which even today are often used almost interchangeably.
For purposes of the discussions in this book, I use the following definition of business continuity, which is one of the most commonly accepted definitions: A proactive approach to ensure continuity or rapid restoration of delivery of the organization's service or product following a disaster; the ability of an organization to provide service and support for its customers and to maintain its viability before, during, and after a disaster.
Beyond a dictionary definition, business continuity is:
* A proactive approach to managing operational risks
* A program focused on protecting the organization's brand by ensuring its excellent reputation for reliability
* A strategic framework for improving an organization's resilience to disaster-caused interruptions
* A set of strategies for keeping the most critical business functions running while normal operations are restored
* The plan and procedure to enable the timely and orderly continuation of or rapid restoration of operations following a disaster
* A well-developed and maintained program with a goal of minimizing service and delivery delays and helping to ensure that customer and other stakeholder expectations are met
* Part of a multifaceted approach to protect the organization from risks
* An enterprise-wide management issue
* Activity performed by or on behalf of an organization to ensure that critical business functions are available to customers, suppliers, regulators, and other stakeholders that need or require access to those functions
* Excellent and prudent business management
To further define business continuity, it may also be helpful to acknowledge some misconceptions—things that business continuity is not. For example, business continuity is not:
* Business as Usual. It is business in survival mode or fight for your continued existence mode. The sole goal is to maintain an acceptable level of operation to fulfill the organization's primary mission. The bells, whistles, frills, and ribbons we all love and take for granted are not necessarily available when we are in business continuity mode.
* A One-Size-Fits-All Proposition. The size of the organization, the complexity of its operations, whether you deliver a product or a service, whether you have central or dispersed operations, the number and location of facilities, the hazards and potential disasters faced by the company, the government regulations that must be met ... these and a multitude of other variables make it essential that the development and implementation of a business continuity program be tailored to meet the needs and requirements of the organization.
* Insurance. While insurance may be a viable option to replace tangibles—such as buildings, equipment, supplies, inventories, and even lost income—insurance cannot replace vital intangibles, which are things that are both even more difficult if not impossible to replace and are key to business survival. Customer confidence and trust, value of the name brand, and a positive image and reputation cannot be covered by insurance. Nor can insurance replace customers that may be lost due to an inability to fulfill contracts or meet delivery dates or terms of a service level agreement (SLA) when disaster strikes. (A service level agreement is a legally binding contract or formal agreement between a supplier and a customer that details the nature, quality, and scope of the service or product to be provided.)
* A Luxury. Once considered a nice-to-have or when-we-get-around-to-it program, business continuity is now a fundamental core business practice, a necessity.
The Value of Business Continuity Planning
There is an often cited statistic regarding the success of businesses that have experienced a major disaster that has become a business continuity/disaster recovery version of an urban legend. The statistic has been used and quoted so widely and so often that few know its origin. The gist of this statistic—which, incidentally, is from 2002 and from the U.S. Bureau of Labor Statistics—is that 43 percent of businesses never reopen and another 29 percent are no longer in business within two years of their experiencing a disaster. While out of context, this statistic is somewhat general and would seem to encompass everything from small mom-and-pop operations to large international corporate behemoths, it is nevertheless often used as a business continuity selling point.
History has proved that there are no companies that are so big and powerful that nothing bad can happen to them. Yet when there is no direct return on investment, it can be challenging to define the value of business continuity planning, which is the process to develop, implement, and maintain strategies and procedures to ensure that key operations and essential business functions can continue or quickly be restored in the event of a disaster, major emergency, or significant threat to the organization and its operations. Though not visible on a P&L statement, here are just a few examples of the value of business continuity that cannot be tied directly to the bottom line:
* Customers are increasingly adding business continuity capability as a factor in the procurement selection process.
* Rest assured that it is almost a certainty that some if not all of your competitors are using the fact that they have a comprehensive business continuity program as part of their marketing approach, especially if they believe you don't have such a program.
* For some organizations, business continuity may be necessary in order to meet regulatory requirements. This is most notably true for banks and other financial services providers that in any way, shape, or form handle or physically or electronically process other people's money, as well as for healthcare businesses and pharmaceutical companies.
* In extreme situations, it just may be that the survival of your business, at least as you know it today, depends on the success of your business continuity program.
* It is morally and ethically correct to have a business continuity program to protect the interests of employees, owners, stockholders, customers and clients, and all stakeholders, including the general public.
* Here is an undeniable truth: Customers expect products and services to be available and delivered as agreed upon, and they expect that you will meet your contractual obligations even when disasters occur. Developing and implementing a business continuity program is the vehicle for meeting those expectations.
* See the preceding paragraph. In other words, developing, implementing, and maintaining a comprehensive business continuity program enables your organization to have continued operations in the face of disaster, thereby avoiding damage to the company and brand name image, thereby avoiding a loss of market share, thereby protecting the bottom line, thereby retaining corporate net worth, thereby helping to ensure the continuation of the business, and thus leading to continued employment. Enough said!
The bottom line is that in addition to being good business management, business continuity simply makes good sense.
A Historical Perspective
It may be helpful for those newly assigned to business continuity planning responsibilities, as well as for those more experienced in this regard, to take a look back at its history. Also interspersed as road markers in the discussion that follows are a few milestones in the evolution of supply chain management. (These "road markers" are presented here in italic type.)
The roots of business disaster management began with emergency preparedness and response planning required to comply with occupational safety standards enacted after the death of 146 workers in the 1911 Triangle Shirtwaist Factory fire in New York City. These efforts focused on preparations for actions to be taken to respond to what were primarily physical events, such as a fire, hurricane, or earthquake. Emergency response plans to address threats to the safety of people were already in place in many organizations, with a focus on life safety systems, emergency supplies and equipment, and trained employee emergency response teams. The primary goal was to keep people safe and protect the physical assets of the company and to begin stabilizing the company immediately following a disaster.
* * *
In the first half of the twentieth century, the supply chain was a series of linear paper-based processes that connected suppliers, wholesalers, retailers, and end consumers—literally a chain of people and paper links. For most companies, the supply chain was limited in geographical scope and included a small number of suppliers and service providers. In the post–World War II economic boom, it became evident that there was a need to improve the existing low- or no-tech, nonscientific approach that was currently in place with methods and processes that better met current needs.
* * *
Beginning in the late 1950s and into the 1960s and 1970s, companies increasingly recognized the need to protect and keep operational new and progressively more important technology, such as electronic data systems, networks, and advanced communications systems. During the second half of the 1970s, the term disaster recovery was first used to describe strategies and plans developed to restore IT, telecommunications, and other related technology. In some industries (for example, financial institutions), rigorous approaches and programs were implemented to meet increasingly strict regulatory requirements for the protection of critical systems and data. In other industries, backing up data on floppy disks and storing those disks in a desk drawer near the computer was considered disaster recovery.
* * *
Beginning in the 1960s, management of the supply chain also benefited from newly developed approaches that combined information technology and business processes. Chief among the new management tools were software systems to manage inventory and maintain the appropriate level of stock in a warehouse. Identifying inventory requirements, setting targets, providing replenishment options, tracking item usage, reconciling inventory balances, and reporting up-to-date inventory status resulted in greater efficiency and profitability. In the 1970s, supply chain management (SCM) became the commonly used terminology for this more advantageous approach.
The 1960s and 1970s saw tremendous growth in international trade. This trend was motivated and supported by several factors. Geographic accessibility was being expanded while trade barriers were being removed. More international air cargo shipping locations and carriers led to increased air freight cost competitiveness. Standardized modular freight containers streamlined conveying freight among railroads, trucking companies, and cargo ships. Rapidly growing high-tech corporations were looking for new market opportunities and new production sites. Operations were moved to developing countries where manufacturers found lower production costs and a vast pool of low-cost unskilled labor. A result of expanded international trade was a supply chain that was more complex and more demanding than ever before.
* * *
In the late 1970s, as the escalation of computerization and automated processes continued, a rapidly growing number of companies realized the critical need for the soon-to-be ubiquitous technology. Strategies were formulated to protect computerized data and systems, including redundant systems, off-site storage of data backups, and developing more sophisticated plans that provided guidance for the restoration of the organization's technology in the event of a disaster. It was just coincidental that some of the technology to be recovered was also needed to support business operations.
Disaster recovery planning continued to expand as the 1970s came to a close, creating a market for the growing number of contracted alternate sites that were being established throughout the United States and beyond. These sites were used for relocating and reconstituting IT operations when a data center was destroyed, severely damaged, nonoperational for whatever reason, or inaccessible. The backup computer centers, termed hot sites, provided alternate pre-equipped locations at which data center operations could be reestablished following a disaster. Hot sites became an increasingly used disaster recovery solution for data-dependent companies, in particular those with large, centralized mainframe computers, and a new industry was born. SunGard Recovery Services, Comdisco, and IBM were among the company names that first became synonymous with this new service industry.
* * *
It was in the 1980s that the terms supply chain and supply chain management were first used. While there is no documentation as to who originated the term supply chain, credit for coining the term supply chain management is given to consultant Keith Oliver of Booz Allen Hamilton, a strategy consulting firm that used the term when conducting a 1982 study to assess strategic approaches to managing the handling of raw goods and materials and product delivery.
Excerpted from A Supply Chain Management Guide to Business Continuity by Betty A. Kildow Copyright © 2011 by Betty A. Kildow. Excerpted by permission of AMACOM. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
CHAPTER 1 Business Continuity Basics....................1
CHAPTER 2 The Business Continuity Program: Who Owns It, What Drives It?....................21
CHAPTER 3 Business Continuity Best Practices....................37
CHAPTER 4 The Organization, the Supply Chain, and Business Continuity....................58
CHAPTER 5 Risk Identification and Hazard Assessment....................68
CHAPTER 6 The Business Impact Analysis....................84
CHAPTER 7 Supply Chain Business Continuity Strategies....................106
CHAPTER 8 Business Continuity Plan Documents....................149
CHAPTER 9 Testing and Maintaining Business Continuity Plans....................174
CHAPTER 10 Business Continuity Standards, Regulations, and Requirements....................186
APPENDIX A Business Continuity Planning Assessment Questionnaire....................201
APPENDIX B General and Supply Chain–Specific Hazards Checklist....................205
APPENDIX C Pandemic Planning....................208
APPENDIX D The Business Continuity Team....................214
APPENDIX E Continuity Plan Samples....................222