BSI: grace under pressure



We are living in uncertain times, where lives and businesses can be ruined not just by wars and natural calamities but also by volatile markets, insurgency, fires or even a sub-prime crisis.
All organisations, from major international corporations to SMEs, from government departments to hospitals, face a wide range of risks that change from year to year, season to season, day to day and in all dimensions.
For some companies, these risks are more obvious if operations are run in volatile markets, but for others, it is the unforeseen circumstances that can bring the business to standstill, never to start again.

The question that all businesses need to ask themselves is “Will my company survive if my office building collapses, a flood or fire destroys everything or a new sub-prime crisis hits the financial markets?” If the answer to all these questions in “no” then it is high time businesses put together a crisis management plan.
BSI Management Systems a global provider of management systems assessment, certification and training services, is now in the UAE to help businesses manage a crisis better.

BSI works with hundreds of global firms such as Boeing, HP, LukOil, Petrobras, Hyundai, Air China, General Motors, Alcoa, Citi Group, Royal Mail, Tarmac Group, Bank of Tokyo Mitsubishi, and even the United Nations, to help them develop crisis management techniques.

BSI will be launching its services in Dubai today. On the eve of the launch, Theuns Kotze, Regional Director, BSI Management Systems Middle East spoke to Emirates Business about how all businesses need to put in contingency plans in place and the risk being faced by oil and financial firms in particular and what they need to do.


Why do firms need a contingency plan?
Continued operations in the event of a disruption, whether due to a major disaster or a minor incident, is a fundamental requirement for any organisation. Figures have proven that companies which fail to resume normal trading after 30 days will most likely go out of business. 

The implementation of a management system helps an organisation achieve continuous performance improvement and demonstrates to customers, competitors, suppliers, staff and investors, that it is capable of handling a crisis efficiently and it uses industry-respected practices.

Where do you come in?
We have developed the world’s first Business Continuity Management (BCM) standard. Called the British Standard, BS 25999 it helps minimise the risks of disruptions.The standard is designed to keep a business going during the most challenging and unexpected circumstances.
The BS 25999 has been developed by a group of world-class experts representing a cross-section of industry sectors and the UK Government to establish the process, principles and terminology of Business Continuity Management.
It provides a basis for understanding, developing and implementing business continuity within an organisation and gives confidence in business-to-business and business-to-customer dealings. It also contains a comprehensive set of controls based on BCM best practice and covers the whole BCM lifecycle.

Who is it relevant to?

BS 25999 is suitable for any organisation, large or small, from any sector. It is particularly relevant for firms that operate in high-risk environments such as finance and telecommunications, where the ability to continue is paramount for the organisation itself and its customers and stakeholders.

What kinds of risks do companies in the UAE face?

A recent example is the floods in Dubai and the earthquakes in Sharjah. Apart from natural and other disasters such as hurricanes and fires, companies face loss of critical staff, technology, knowledge and market price movement. This could result in supply interruptions.

As seen in the recent sub-prime credit crisis, some financial institutions did not assess the risk adequately and did not have robust plans in place to recover, resulting in business continuity being seriously affected.

Disruption of the internet or links to the world financial markets could have a serious effect on the business continuity of a financial company. Also, the current upward trend in the price of crude oil is good news for some but also increases the risk profile of a number of companies across the world.
Companies should start modelling the oil price in their business risk models at $200 (Dh734) per barrel to understand the risk it poses to their survival in 2008 and beyond.
How many oil and financial firms in the UAE have risk management plans in place?

At this time, there are no specific statistics upon which we could provide a reliable answer for the UAE. Nevertheless, many oil and financial companies have already started on the road to building business continuity into their core business practices and processes.

What kind of risk management plans would you ask them to put into place?

We require organisations to start with an incident response plan. The next step is to have a business continuity plan followed by a recovery, resumption and ‘back to normal’ plan.
As a starting point oil companies and other organisations are required to identify their critical activities, which have to be performed in order to continue to deliver the key products and services, therefore, ensuring that the organisation meets its most important and time-sensitive objectives.

How can companies develop resilience to unexpected incidents?

Organisations will need to carry out an impact analysis to understand what is critical to them and their business.

From this point, they need then to identify the threats that could impact on the business and from here, develop strategies that will increase their resilience.

How can firms plan their response to events and recovery?
Oil and financial companies should start by identifying their critical activities and risk assess incidence and disaster that can affect their business survival.

Then there are three strategies: reduce the likelihood of disruption, shorten the period of disruption and limit the impact of the disruption on the organisations’ key products and services.

How can they provide equipment and infrastructure for disaster management?

Oil and financial firms are strictly regulated by legislation in the countries where they operate. A back-up system could include power generation alternatives, “UPS”, fire protection equipment, and satellite communication links in different countries and alternative suppliers.

How can they strengthen strategic and forward-looking focus by developing mechanisms for risk identification and management?
In terms of the Dubai Strategic Plan, forward-looking focus should include the following activities: implement an integrated strategy and performance management framework; develop strategies that are aligned across government entities; set guidelines and build capabilities for improved strategic planning, policy making and performance management; develop mechanisms for risk identification and management; set mechanisms for evaluation of policies and decisions post implementation.

How can Dubai’s laws and regulations for oil and financial companies be aligned with international best practice?
The Dubai strategic plan 2015 announced by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai requests companies to adopt world best practice.

BS25999 Business Continuity Management Standard is regarded as world’s best practice for Business Continuity.