Business Standards - Embedding business continuity in the Industrial Bank of Korea

BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.

For more information on BSI Japan, click here

Business Standards > Articles

Embedding business continuity in the Industrial Bank of Korea

06 Oct 2008
Topics: Business continuity, BS 25999, Korea

A view of Seoul at night, location of IBK headquarters

How does an organization ensure that its current business continuity practice is state-of-the-art and how does it demonstrate this fact to confirm market position and satisfy regulatory requirements? The answer for the Industrial Bank of Korea (IBK) has been to join the growing list of organizations certified by BSI Management Systems to business continuity management standard BS 25999.

Established in 1961, IBK is one of the top five banks in Korea. It mainly provides financial services and expertise to the business community, with an 18 per cent share of the Small and Medium Enterprise (SME) financing market. The bank is headquartered in the centre of Seoul with its IT headquarters, targeted for BS 25999 certification, in Yong-In city, 40km from Seoul.

Objectives of certification

The push to gain certification to BS 25999 principally came from the Bank's CIO, who saw it as part of IBK's long term business strategy to become a best-in-class banking business in the region.

Specifically IBK wanted to become the best bank for IT services, which are essential to the delivery of the bank's services to its customers. Since the bank is committed to ensuring that all clients will receive a prompt response to service requests irrespective of any crises or incidents, it wanted to gain greater confidence that it was fully equipped to withstand and recover from any and all crises and incidents. The bank also wanted a means of demonstrating that robust business continuity management was in place and that it was ahead of its competitors in implementing best practice.

An additional driver has been that since 2003, the Korean Financial Supervisory Service - which regulates and supervises financial institutions - has stipulated that Korean banks need to establish robust BCM practices, including business continuity plans, to meet global requirements such as BASEL II and IFRS. An independent certification to BS 25999 could be used to underpin the requirements of the Korean Financial Supervisory Service's international banking regulation standard.

Finally, IBK identified that BS 25999 and the audit process offered an important opportunity for the bank to revise and innovate the bank's existing BCM measures and to develop knowledge and awareness of BCM practices not only among the staff directly involved, but across the whole business.

The path to certification

IBK has already been active in BCM prior to the push for certification in 2007. This provided a foundation for the activity which followed.

Initially a bank-wide business continuity audit was undertaken using the methodology set down in BS 25999. A gap analysis was done which defined an action plan for system design and strategy. A Business Impact Analysis (BIA) and Risk Assessment (RA) were then produced from analyzing over 700 work processes, and then identifying and prioritizing the critical activities in terms of urgency, interdependency and target recovery times.

Subsequently the BIA and RA were used to set overall strategy and to frame specific individual Business Continuity Plans (BCPs), creating a core Business Continuity Management System (BCMS). This was embedded through the development of a Continuity Management policy manual, with training documents for each department.

To accomplish effective BCM implementation, IBK now regularly undertakes reviews of the RA and BIA, and the BS 25999 principles and exercises, and regularly updates the BCMS on organizational and other changes.

Finally, BSI audited and reported on IBK's initial review and gap analysis, and conducted a final audit upon implementation, leading to the award of certification to BS 25999 in March 2008.

Business benefits of certification

For IBK, certification to BS 25999 serves as a tangible demonstration that best practice has been achieved. It has conferred competitive advantage in the marketplace and reassured customers that the bank is committed maintaining continuity of service, whatever happens.

The certification has also protected vital assets and built greater confidence to face crises or incidents that could be fatal to the organization. And the bank is satisfying Financial Supervisory Service requirements.

Finally, the process has also increased employee engagement, and improved communications around BCM, so that if the worst should happen, IBK will be fully prepared.

Business Standards © 2009. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.

Return to Main Menu

Clear thinking for consortia

While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.

Sapphire earns a standards hat-trick

Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.

A little bit extra for Kitemark® bodyshops and garages

It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.

Locking down the Kitemark®

Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.

Integra ICT Hits environmental high

Integra ICT, the Bedfordshire-based telecoms provider, has achieved certification to ISO 14001 Environmental management from BSI.

View all

Question: What impact do you think BCM could have on business insurance in the future?

It is essential that any business suffering a disaster is able to continue as near normal trading in the shortest possible time period to survive. To achieve this, an organization should implement a comprehensive well-tested business continuity plan (BCP) as a first step. Insurance should be viewed as an extension to the BCP process, not an alternative.

Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.