|
|
| |
When preparing your business continuity plan, here are some simple questions to consider to develop your plan and to prepare for recovery.
Business Management Policy:
- Please confirm that your company has a written and enforced Business Continuity Management (BCM) policy that applies to all primary sites.
- Please confirm that your company's senior management has reviewed the Business Continuity Management (BCM) program to ensure necessary processes have been established and maintained in the last 12 months.
- Please confirm that your company has a written pandemic plan in place that covers all primary sites.
Risk Assessment:
- Please confirm that in the last 12 months, the supplier/sub supplier sites you are considering in your BC plans have performed appropriate risk assessments that prioritized key risks to the site, estimated the business impact of an outage of critical activities, and appropriate actions to mitigate the risk were implemented.
Crisis Management:
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have conducted a test of the emergency response procedure in the last 12 months (including initiating Emergency Response Team, evacuation drill, etc.).
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written crisis management procedures showing a designated management team responsible for crisis communications and decision making.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced procedures for timely notification of customers for issues that impact quality or delivery commitments.
Recovery:
- Please confirm that there is a written recovery plan describing the steps and timing for resuming 100% of critical site activities within a stated recovery time after a disruption
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have tested their time-phased recovery plan in the last 12 months and have processes to address findings identified in the testing
- Please confirm that written plans exist for the recovery of 100% of the supplier/sub supplier sites you are considering in your BC plans for product/service output to an alternate site(s) within a stated recovery time in the case of complete loss of this site and its contents. Answer Yes only if the plan addresses 100% of this site's output, all necessary equipment, skilled labor, Information Technology and critical supplies.
- In the event of complete loss of the site and/or its contents, how many weeks would it take to recover 100% of site product/service output at an alternate site(s) or by rebuilding this site? Include the weeks to acquire equipment, skilled labor, Information Technology and critical supplies, but exclude customer qualification time.
Supply Chain Continuity:
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have approved definitions and lists of critical suppliers and subcontractors and they have assessed the potential business impact of disruption of their products/services.
- If the response to the previous question is Yes, list the approximate number of critical suppliers and subcontractors for this site.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have programs to assess business continuity of all its critical suppliers and subcontractors and has a managed process to address identified risks
Supply Chain Security:
- Does the supplier/sub supplier sites you are considering in your BC plans have any Customs Authority approved certifications for supply chain security (e.g. C-TPAT (USA), PIP (Canada), AEO (EU), STP (Singapore) or other)?
- If yes, list which Customs Authority approved certifications are currently active for this site. For each one, list the certification number or code as well as the latest certification or revalidation date.
- If the supplier/sub supplier sites you are considering in your BC plans have no customs security certification but does have written and enforced customs security procedures, please provide a brief summary of the procedures.
Social Responsibility:
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced labor and wages policy and they have reviewed policy compliance in the past 12 months.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced environmental policy and has reviewed policy compliance in the past 12 months.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced health and safety policy and has reviewed policy compliance in the past 12 months.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced ethics policy (or code of conduct) that forbids bribery/corruption and has reviewed policy compliance in the past 12 months.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have a program to manage and continuously improve its environmental impact, worker health, safety and ethical business conduct.
- Do the supplier/sub supplier sites you are considering in your BC plans have a written and enforced policy and due diligence plan to forbid purchasing metals containing Tin, Tantalum, Tungsten or Gold from sources that directly or indirectly finance conflict in the Democratic Republic of the Congo or an adjoining country?
Security:
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced policies for safeguarding confidential customer Intellectual Property (IP), information and documents.
Fire Prevention:
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced procedures to manage the safe-handling of hazardous materials (e.g. flammable liquids, aerosols, poisonous gases) as well as storage in a separate and dedicated area.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written and enforced procedure to authorize and control hot work activities (brazing, grinding, welding, cutting using oxy-acetylene torch, etc.) for non-production activities in the facility (e.g. facility repair, equipment repair, plumbing, construction).
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have an automated fire suppression system (e.g. sprinkler, chemical or gas-based automated system) that protects all critical site activities.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans maintain and tests their fire protection equipment and electrical equipment on a regular basis at least annually. Fire protection equipment includes pumps, sprinklers, extinguishers, detectors and alarm systems. Electrical equipment includes switchgear, circuit breakers, batteries, etc.
Power:
- Please confirm that there is a backup power source (in addition to a UPS) that enables continued operation of critical Information Technology, facility security systems and fire control equipment used by this site.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans backup power source is load tested (at least 80% load) on a semi-annual basis.
IT:
- Please confirm that there is at least a daily data backup and at least weekly offsite storage for all electronic data required to support all critical site activities.
- Please confirm that the supplier/sub supplier sites you are considering in your BC plans have written Information Technology (IT) recovery plans covering all IT resources needed to support all critical site activities.
- Please confirm that all Information Technology (IT) recovery plans covering all IT required for all critical site activities have been tested in the last 12 months.
|
|
