Should we be doing contingency planning for my ISO Management System?
This Week's Question
A few weeks ago I had a conversation with a few people around how things were going with their business in light of the ongoing uncertainty of the pandemic and day to day business in general. One of the topics that came up was around contingency planning within the company and the various approaches they each had. In one case the company readily admitted they had some stuff to keep ISO happy but it wouldn't work in reality and they had never tested it. A few of the other people asked, should we be doing contingency planning for our ISO systems?
The Feedback
One of the things I love doing and helps me relax is taking photographs. Getting out into middle of nowhere and I taking some landscape images is one of my all-time passions. I recently spent some time up in Hamner Springs and I managed to get some time to myself, so I thought I'd go out and do some research. What do I mean by research? I'm going out photographing, you just point and click!
Well, no you don't one of the things the landscape photography is there are lots of variables what the cloud's doing what's the sun doing time of day what's your foreground what stuff do you want to get in the background. Do you want it to be raining do you want it to be sunny do you want sunrise, do you want some stars all these things come into play so you have to plan what you're going to do.
I'm at the top of Conical Hill, it's not a big hill and takes about half an hour to walk up unless you've got a backpack like this for your camera gear then it takes a little bit more. Again, you have to factor that in because if you want to be somewhere for a particular point, if you want to be there for the sunrise or for the moonrise or for the milky way popping up in the right place you've got to be there on time and you've got to be set up and ready to go. So, one of the things we do is go out and research we go out and practice and we get ourselves set up and point the right direction and I might geo map it and say right that's where I'm going to go.
Contingency Planning
From business point of view how does that remotely tie-in? Well, it's not far off your business planning process that you need to be doing, especially around continuity planning. If your CEO disappears overnight or gets sick or your CFO or one of key members of staff, what do you do? If you get hit by a pandemic, as we are at the moment, what do you do? What are the steps that you're going to take to make sure your business keeps going? That you meet all the customer demands that you don't have any problems. If you have to recall what the steps you have to take?
Now you don't want to wait until the moment happens and then fumble about and try and figure out what exactly you're supposed to do. You want to have plans in place in advance for what ifs. If this happens here's how we handle it, if this happens, we do that. ISO 27000 is going to require you, for instance, to notify people if you've had a data breach. Now what you tell them, how quickly you respond and what order is important. Knowing what you need to do, when you need to do it and who needs to do it is really important. That's what business continuity planning is all about. If you have a disaster or something happens, we know what we're going to do. We know when we get there who's going to do what, why they're going to do it, how they're going to do it and what tools they're going to need to do it.
One of the ways you do that is by practicing, by staging mock events to see what happens. Now from an audit point of view, you can audit that in your new system, and you should audit your contingency planning system. That might be that you run a mock process through it and test it out see what works well what doesn't work well.
If you, as a business, are just skating along and thinking well we'll make it up as we go along and we'll figure it out because we always do, that's not going to last you very long and certainly from an ISO point of view it's not going to be acceptable. Have a think about the various scenarios that you need a contingency plan for. Come up with those scenarios, come up with the outcomes you want to have and think about the process to get that outcome. Who has to do what, then practice them. Run mock trials, run audits, run scenarios, and see what happens. Check to see if you're continuity plans generally deliver what you think they're going to deliver. Especially if you can do them as a surprise that way you really put the system under stress.
Waiting to the last minute and hoping that everything works out rarely works out. Do yourself a favour and get a bit practice in. Have a plan.
Got a question
We'd love to hear from you on any questions you have on ISO Management Systems, lean or leadership. Just pop your question in the section below and we'll put it into hat for things we are answering with the Thursday Q&A Sessions.
Copyright
© Many Caps Consulting | All Rights Reserved
By accepting you will be accessing a service provided by a third-party external to https://www.test.manycaps.com/
Comments