Global Aerospace Company
Global Aerospace Company
Our client is an international aerospace company manufacturing aircraft, surface ships and combat vehicles, developing new technologies and supplying cyber, intelligence and security capabilities.
The client has a project to develop a tender response for a long-term contract that would secure several hundred jobs.
To be able to respond, the client needed to show within the tender that certification to ISO 22301:2019 had been achieved, or would be at the time of the awarding of the contract.
Teed has worked with the client since 2009 developing and implementing comprehensive business continuity arrangements by supporting the internal BC team. The client has a mature business continuity management system aligned to ISO 22301, so needed to work quickly to build it up to meet all the certification criteria.
David Teed designed an approach for undertaking a gap analysis working with the standard’s self-assessment checklist to understand what the client already had in place, what needed to be updated and what needed to be developed from scratch. Against each action would be required timescales to achieve completion.
Five sites and dependencies were in the scope of the project and David determined six discussions with key individuals would be sufficient to ascertain the gaps, keeping client time to a minimum. Alongside, David reviewed relevant documents already in place to understand their efficacy and alignment to the ISO. Facilitated discussions and the document review provided the necessary information to fulfil ISO 22301:2019, as follows:
1. The organisation and its context
2. Needs and expectations of interested parties
3. Scope of the BCMS
4. Leadership and management commitment
5. Business continuity management policy
6. Risks and opportunities of BCMS implementation
7. Business continuity objectives
8. BCMS resources and competence
9. Awareness and communication
10. Operational planning and control
11. Business impact analysis
12. Risk assessment and treatment
13. Business continuity strategy
14. Establishing and implementing BC procedures
15. Incident response structure
16. Incident communications and warnings
17. Business continuity response and recovery plans
18. Exercising and testing
19. Monitoring, measurement and evaluation
20. Internal audit
21. Management review
22. Corrective action and continual improvement
The consultant delivered an ISO 22301 Gap Analysis Findings Summary which set out:
- An overview of the current state of readiness for achieving ISO 22301
- A breakdown of suggested improvements, activities and documentation
- Proposed scope and roadmap for the client to achieve ISO 22301 certification
The gap analysis helped to determine what was needed in terms of exercises, training and awareness, changes to documents and management ownership.
David assisted the project team with the design and facilitation of a combined exercise for the sites in scope. This enabled plans and strategies to be validated and ensure they were ready to go for certification. The BC teams joined a Webex session with break out sessions to consider specifics, returning to central coordination for the wider exercise. Amongst feedback received, participants noted:
- “The multi-site approach worked very well – saved time and was an opportunity to share views which doesn’t often happen when done at single site level
- It has highlighted the necessity to continuously revisit the documents, as time / resource estimates were not accurate in the current documents. This made it more difficult when deciding key projects and resource allocation.
- Logical flow through what BCM is and how to apply it”
Teed’s support in this project enabled the client to have a comprehensive analysis and review by an experienced practitioner minimising time and complementing the work carried out by the client’s BC teams.
The output resulted in a number of focus areas to bring the BCMS up to speed and timescales required to achieve certification to ISO 22301. A greater level of awareness and understanding of business continuity planning for individual sites, and the wider organisation, was gained by participants ensuring roles and responsibilities are taken on board and actions followed through to completion.