is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Embedding business continuity in the Industrial Bank of Korea
06 Oct 2008
Topics: Business continuity, BS 25999, Korea
How does an organization ensure that its current business continuity practice is state-of-the-art and how does it demonstrate this fact to confirm market position and satisfy regulatory requirements? The answer for the Industrial Bank of Korea (IBK) has been to join the growing list of organizations certified by BSI Management Systems to business continuity management standard BS 25999.
Established in 1961, IBK is one of the top five banks in Korea. It mainly provides financial services and expertise to the business community, with an 18 per cent share of the Small and Medium Enterprise (SME) financing market. The bank is headquartered in the centre of Seoul with its IT headquarters, targeted for BS 25999 certification, in Yong-In city, 40km from Seoul.
Objectives of certification
The push to gain certification to BS 25999 principally came from the Bank's CIO, who saw it as part of IBK's long term business strategy to become a best-in-class banking business in the region.
Specifically IBK wanted to become the best bank for IT services, which are essential to the delivery of the bank's services to its customers. Since the bank is committed to ensuring that all clients will receive a prompt response to service requests irrespective of any crises or incidents, it wanted to gain greater confidence that it was fully equipped to withstand and recover from any and all crises and incidents. The bank also wanted a means of demonstrating that robust business continuity management was in place and that it was ahead of its competitors in implementing best practice.
An additional driver has been that since 2003, the Korean Financial Supervisory Service - which regulates and supervises financial institutions - has stipulated that Korean banks need to establish robust BCM practices, including business continuity plans, to meet global requirements such as BASEL II and IFRS. An independent certification to BS 25999 could be used to underpin the requirements of the Korean Financial Supervisory Service's international banking regulation standard.
Finally, IBK identified that BS 25999 and the audit process offered an important opportunity for the bank to revise and innovate the bank's existing BCM measures and to develop knowledge and awareness of BCM practices not only among the staff directly involved, but across the whole business.
The path to certification
IBK has already been active in BCM prior to the push for certification in 2007. This provided a foundation for the activity which followed.
Initially a bank-wide business continuity audit was undertaken using the methodology set down in BS 25999. A gap analysis was done which defined an action plan for system design and strategy. A Business Impact Analysis (BIA) and Risk Assessment (RA) were then produced from analyzing over 700 work processes, and then identifying and prioritizing the critical activities in terms of urgency, interdependency and target recovery times.
Subsequently the BIA and RA were used to set overall strategy and to frame specific individual Business Continuity Plans (BCPs), creating a core Business Continuity Management System (BCMS). This was embedded through the development of a Continuity Management policy manual, with training documents for each department.
To accomplish effective BCM implementation, IBK now regularly undertakes reviews of the RA and BIA, and the BS 25999 principles and exercises, and regularly updates the BCMS on organizational and other changes.
Finally, BSI audited and reported on IBK's initial review and gap analysis, and conducted a final audit upon implementation, leading to the award of certification to BS 25999 in March 2008.
Business benefits of certification
For IBK, certification to BS 25999 serves as a tangible demonstration that best practice has been achieved. It has conferred competitive advantage in the marketplace and reassured customers that the bank is committed maintaining continuity of service, whatever happens.
The certification has also protected vital assets and built greater confidence to face crises or incidents that could be fatal to the organization. And the bank is satisfying Financial Supervisory Service requirements.
Finally, the process has also increased employee engagement, and improved communications around BCM, so that if the worst should happen, IBK will be fully prepared.
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Monarch Airlines chooses BSI for its European Union Emission Trading System (EU ETS) verification
Monarch Airlines has selected BSI as its provider of verification services against the requirements of the EU ETS directive. This comes in response to the industry's requirement to monitor its CO2 emissions and demonstrate compliance with the directive by submitting a verified annual emissions report by 31 March every year from 2011 onwards.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.
Rising waters: revising PAS 1188
For those living in areas that are prone to flooding, having the right protection resources available is essential. While images of emergency sandbags holding back rivers of water may fill the media, there is a much wider range of products available for flood protection.
BSI is planning an informal free lunchtime roundtable in central London on 10 December 2009 to explore how small businesses and their trade bodies can work more effectively with standards. Places are limited so to register your interest or request more information, please email bsi.survey@bsigroup.com or call +44 (0)20 8996 7750.
Question: This year marks the 25th anniversary of data protection regulation in the UK. Does the fact that such legislation exists mean that standards do not have a big role to play in the data protection puzzle?
First of all, the fact that there is legislation in place does not mean standards do not have a role to play. Quite the contrary: in many cases, standards offer a framework for businesses to better prepare and comply with legislation.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
