Business continuity examples

Here are 3 examples of business continuity cases.  I have changed the names, but the examples are real.
1. Loss of key supplier
Brown Engineering are a precision engineering company making components for aerospace applications. In this type of business, sub-contract processes must have the approval of the client.
During a business continuity exercise, Brown Engineering found that there was exposure with Zeta Plating who were the only surface treatment company approved by Brown's client, Mega Aerospace for a critical component.  Brown's immediately contacted Mega and pointed out this exposure, recommending that an alternative surface treatment company be approved. Literally the next day, Zeta Plating had a fire which meant that critical operations were suspended for 3 months.  Brown's contacted Mega and asked,
   "Have you heard about Zeta?",
   "No, what about them?",
   "They've just had a fire"
   "You're kidding!"
Well, he wasn't kidding and there followed a rushed programme of test pieces being made and surface treatments carried out.  They got away with it, but only just.

2. Common mode failure
This was a situation where a company had several alternative suppliers for components critical to their operations.  The only trouble was that all of these were sourced from a company in Japan who was hit by the tsunami. So, whilst the companies had alternative sources lined up, in fact in all boiled down to a single prime source. This is a difficult one to spot.

3. Step improvement in business
One of our clients is a chemical company in the North of England. They have a site which is bordered by rail, river and roads and cannot be expanded. Their primary competitor has a plant in New Orleans which was hit by Hurricane Katrina and flooded out. The group owning this plant decided not to restart it. So our client had the initial surge in orders immediately after  Katrina, with which they could cope, and then a substantial increase in business which had the capability of overwhelming their operations.  Again, not an  easy one to predict.

Cases 2 and 3 are difficult to predict, but there is no execuse for being exposed as much as in case 1.

For more deatails on setting up a business continuity programme suited to your company, or how SSS can help with this, go to
http://www.strategicsafety.co.uk/BusinessContinuityManagement.html .

Phil Chambers

Incorrect claim relating to scrapping of the Construction (Head Protection) Regulations

In  my opinion, UCATT (Union of Construction, Allied Trades And Technicians) have got it wrong when they claim that Construction workers could be left without hard hats on sites, following the scrapping of  "life-saving laws". They state that the construction (Head Protection) Regulations 1989 had seen the average number of construction workers dying as a result of a head injury fall from 48 to 14 in a year.  I don't dispute these figures, but I do dispute the implication that we will go back to the bad old days.

All that is happening with the change is the removal of the duplication of regulations.  We now have the more comprehensive Personal Protective Equipment at Work Regulations 1992.
Repealing the Construction (Head Protection) Regulations doesn't mean that head protection is no longer necessary or that employers can avoid it, just that it is covered by the PPE Regs.
 
See the article mentioning the UCATT concerns:  http://tinyurl.com/bqbc4hu

13 regulations repealed

As we have mentioned before, the Lofstedt review found that a grand total of 13 regulations could be removed to reduce “the burden of health and safety on employers.”  So, I’m sure that you’re all overjoyed that the Health and Safety (Miscellaneous Repeals, Revocations and Amendments) Regulations 2013 came into force on 6 April, repealing the following:

• Celluloid and Cinematograph Film Act 1922
• Gasholders (Record of Examinations) Order 1938
• Shipbuilding and Ship-repairing Regulations 1960
• Celluloid and Cinematograph Film Act 1922 (Repeals and Modifications) Regulations 1974
• Celluloid and Cinematograph Film Act 1922 (Exemptions) Regulations 1980
• Gasholders and Steam Boilers (Metrication) Regulations 1981
• Locomotives etc Regulations 1906 (Metrication) Regulations 1981
• Notification of Installations Handling Hazardous Substances Regulations 1982
• Docks, Shipbuilding etc (Metrication) Regulations 1983
• Construction (Head Protection) Regulations 1989
• Notification of Installations Handling Hazardous Substances (Amendment) Regulations 2002
• Notification of Conventional Tower Cranes Regulations 2010
• Notification of Conventional Tower Cranes (Amendment) Regulations 2010

Note that repealing the Construction (Head Protection) Regulations doesn't mean that head protection is no longer necessary, just that it is covered under the more comprehensive Personal Protective Equipment at Work Regulations 1992.
 

Company fined £79,000 and contractor given 6-month sentence

Following a tip-off from a member of the public about asbestos, the HSE visited a former brewery in Burton on Trent.  The HSE found:

• Significant areas of the building had been contaminated.
• Four large, unprotected holes had been cut in the first and second floors, allowing a person to easily fall
• The site was being used for accommodation
• A worker had been diagnosed with Legionnaire’s Disease.
• The company, Optima, failed to monitor the temperature of water systems

The Fire and Rescue Service visited and found:

• No fire safety risk assessment
• Inadequate alarms and fire detection equipment
• Obstructed escape routes
• Inadequately signposted and block fire escape routes
• No emergency lighting
• No escape procedure

The HSE:

• Instructed Optima and their self-employed site manager, Dominik Jaslowski, to leave the site undisturbed and arrange for a licensed asbestos-removal contractor to clear more than 27 tonnes of the hazardous substance from the site.
• Issued prohibition notices preventing the building being used for accommodation and preventing the further use of the hot-water system and showers. 
•  Prosecuted Optima under

1.       Health and Safety at Work Act

2.       Construction (Design and Management) Regulations

3.       Control of Asbestos Regulations

4.       Work at Height Regulations

5.       Control of Substances Hazardous to Health Regulations

• Prosecuted Jaslowski under 2 counts of the Construction (Design and Management) Regulations

Optima were fined £79,000 (Inc.costs).
Jaslowski was given a 6-month suspended prison sentence, ordered to carry out 200 hours unpaid community service and pay £3500 in costs.

Source: SHP 3 April 2013

Article: So, you want ISO 9001

Many companies want to provide good quality products and services but you don’t have to be certified to ISO 9001 for this.  However, having third-party assessment of your QA practices, which is what you get with certification to ISO 9001, gives you a status which is recognised by most clients.  It used to be that ISO 9001 companies were in the minority and this would make them stand out.  Now companies are realising that they are going to be left behind without it.  I know of many companies who have lost contracts because they are not certified to ISO 9001.  Many clients invariably ask for ISO 9001. If they don’t, then tender documents will require you to go in to detail of your QA management systems.

So what is ISO 9001 and how do we go about getting certification?

ISO 9001 is a QA management standard.  Note that it is management standard, not a performance standard.  So it is not a just matter of doing the right thing; it is also how you approach that in an auditable, sustainable and improving way.

Essentially there are two steps to gaining certification:

• Setting up and implementing management systems to cover the clauses in the ISO 9001 standard.
• Being audited by a UKAS-accredited certification body.  This requires initial certification visits and then repeat visits to maintain certification.

So how do I go about setting up and implementing management systems?

Before we go any further, I’d just like to recommend that your documentation should be implementation-based.  What I mean by this is that it should be written from the perspective of the users of the different systems and not look like semi-legal documents.  I recommend the following:

• Use flowcharts wherever possible.  A system comprising a couple of pages of flowcharts is far more understandable that multiple pages of, “The Production Manager, on receipt of ……”.  Flowcharts are just as acceptable to the certification body.
• Where text is necessary, write it in the form of an instruction to whoever is carrying out the action and possibly in tabular form.  So, in one column you may have “QA Co-ordinator” and in the next “File waste transfer notes”
• Avoid text like “The QualityCo-ordinator shall ….”.  Sometimes it’s unavoidable, but minimise it.
• Be concise.  You are not being judged on your weight of documentation, just that it covers the relevant ISO 9001 clauses and how well it is implemented. 

 It is also worth emphasising two further key points:

• The philosophy should be “Say what you do and do what you say.”  It is pointless having an ideal system if the reality is different. 
• Avoid as much as possible having additional requirements whose function is only to satisfy the 9001 system.  Some may be necessary, but keep these to a minimum.

ISO 9001 shows the following structure:

Policy

Whilst you could create a quality policy as the first step, it is best to regard this as being just a draft.  Once you have done the other steps, you will almost certainly have to amend it.

Planning

As part of the planning stage, you will need a system to address the 9001 requirement to have, and to manage QA objectives. 

Each objective must have some way of assessing if you have met the objective and a target completion date.  If you use INTACT (see below) then the individual actions towards meeting each objective are linked to the objective and shows the complete story; very handy when it comes to your certification visits.

Implementation and Operation

Key operations

You will need to identify the stages in your operations and the steps necessary to maintain quality.  Typical stages may be split into Estimation, Order Receipt, Pre-press, Materials Control, Printing, Finishing, Outworking, Despatch and Invoicing.

Where there are decision points in any step, then you need to define who is authorised to make the decision and how is this recorded.  This last point is often the one that gets missed.

Where there may be a problem, you need to define how this may be addressed.  For example, what steps to take if the authorised person is unsure about his decision.  This is not too bad with internal decision makers, but you need to cover how outworking problems are resolved.

Support operations

ISO 9001 requires you to control those operations which support the key operations where these operations are necessary to ensure quality.  Therefore, you need to also address calibration and data back-up.

Training

Many companies fall down when it comes to training records.  People may be competent through experience or training, but you need a system to record this.  I suggest that this system allows for both conventional training courses and an assessment of competence by somebody in authority in the company; you don’t necessarily have to attend a course to become competent but you need some record that somebody has assessed that person for competence.

Checking and corrective action

This is an essential part of the feedback loop that ensures that your system continues to run.  You need two parts to this:

Customer feedback and internal problems

There is the tendency with problems to immediately fix the problem and do nothing more.  You need a system to simply record both customer feedback and internal problems.  Once you have got these, periodically analyse these to determine any root causes.  It is worth categorising the problem, say Late Delivery, when it is recorded.  This doesn’t take any longer at that time and makes life simpler when analysing the data.

Note that, unlike earlier QA standards which seemed to concentrate on consistency, ISO 9001 places emphasis on customer satisfaction.

System effectiveness reviews

This is referred to in ISO 9001 as auditing, but this term means different things to different people and I therefore avoid it.  You need to review each systems to determine:

• Is it fit for purpose?  What are its objectives and will it achieve them if implemented properly?
• Is it being implemented properly?  Are people aware of it? Is there an unofficial alternative system being followed? (What I call the parallel universe syndrome.)

You will need a schedule of effectiveness reviews and people competent to carry them out.  Some certification bodies require a full set of reviews to have been carried out before certification.  Whilst this may be excessive, you will certainly have to have reviewed all the key systems before certification.

You should also plan to review the operations at any of your key suppliers, say your key outworkers such as spot varnishers.

Management Review

ISO 9001 requires you to have periodic management reviews and actually states the topics to be included.  In the initial stages these may be quite frequent but it may be possible to reduce the frequency later.  I would not recommend have a frequency any longer than every 6 months.  Some companies like to hold them every month.  

Making it all palatable

Without a doubt, the stages of setting this up from scratch require quite some effort and companies take one of two routes:

1.     Appoint someone internally and they work on this full-time

2.     Use external sources to set up the systems and carry out most of the initial work and then use internal people to run the system in additional to their prime role

If route [1] is taken, then it is probably acceptable to have systems that require some effort to track any data.  However, most companies do not have the luxury of having such a person.

If route [2] is taken, then provided that a sensible approach is taken to data management, the tasks to run the system should not be at all onerous.

Where SSS have provided the service to set up the system, then a computerised action management system called INTACT comes an inclusive part of the package.  Options within INTACT enable is to be used to manage QA, health and safety and training records.

Essentially, INTACT replaces the majority of the paperwork and all other systems such as spreadsheets and word-processed documents to form an integrated action management system.  All of the data, such as customer feedback, internal problems, system effectiveness reviews, objectives, management meeting minutes are logged within INTACT.  In addition, analysis of data can be done at the click of a button.

See more about INTACT

See more about our support to enable you to gain ISO 9001

About the author

Phil Chambers BSc CMIOSH

Phil completed an apprenticeship with an engineering company, gained a Production Engineering degree and subsequently became a Chartered Engineer.  After a career mainly with Moog Controls and Cosworth, Phil joined CRA in Melbourne where he immediately started work on the safety of molten aluminium in addition to his main management role.  After a period concentrating on health & safety and environmental management, including molten aluminium operations in Australia, New Zealand and the USA, he returned to the UK in 1996 and formed Strategic Safety Systems Ltd. (SSS)
Phil is a Chartered Health and Safety Practitioner and was a contributor to the second edition of the Printers Guide to Health and Safety (available from HSE Books) and.  Phil has carried out certification support for many companies, with certification gained to ISO 9001, ISO 14001, OHSAS 18001, ISO 27001, FSC/FEPC and other standards.
In addition to certification support, SSS also provides health & safety and environmental services and computerised systems to manage these and other areas
Phil is married with four adult children and lists among his interests, the support of Gloucester Rugby Football Club