is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment - delivering ROI, saving costs, improving quality and mitigating risk. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Embedding business continuity in the Industrial Bank of Korea
06 Oct 2008
Topics: Business continuity, BS 25999, Korea
How does an organization ensure that its current business continuity practice is state-of-the-art and how does it demonstrate this fact to confirm market position and satisfy regulatory requirements? The answer for the Industrial Bank of Korea (IBK) has been to join the growing list of organizations certified by BSI Management Systems to business continuity management standard BS 25999.
Established in 1961, IBK is one of the top five banks in Korea. It mainly provides financial services and expertise to the business community, with an 18 per cent share of the Small and Medium Enterprise (SME) financing market. The bank is headquartered in the centre of Seoul with its IT headquarters, targeted for BS 25999 certification, in Yong-In city, 40km from Seoul.
Objectives of certification
The push to gain certification to BS 25999 principally came from the Bank's CIO, who saw it as part of IBK's long term business strategy to become a best-in-class banking business in the region.
Specifically IBK wanted to become the best bank for IT services, which are essential to the delivery of the bank's services to its customers. Since the bank is committed to ensuring that all clients will receive a prompt response to service requests irrespective of any crises or incidents, it wanted to gain greater confidence that it was fully equipped to withstand and recover from any and all crises and incidents. The bank also wanted a means of demonstrating that robust business continuity management was in place and that it was ahead of its competitors in implementing best practice.
An additional driver has been that since 2003, the Korean Financial Supervisory Service - which regulates and supervises financial institutions - has stipulated that Korean banks need to establish robust BCM practices, including business continuity plans, to meet global requirements such as BASEL II and IFRS. An independent certification to BS 25999 could be used to underpin the requirements of the Korean Financial Supervisory Service's international banking regulation standard.
Finally, IBK identified that BS 25999 and the audit process offered an important opportunity for the bank to revise and innovate the bank's existing BCM measures and to develop knowledge and awareness of BCM practices not only among the staff directly involved, but across the whole business.
The path to certification
IBK has already been active in BCM prior to the push for certification in 2007. This provided a foundation for the activity which followed.
Initially a bank-wide business continuity audit was undertaken using the methodology set down in BS 25999. A gap analysis was done which defined an action plan for system design and strategy. A Business Impact Analysis (BIA) and Risk Assessment (RA) were then produced from analyzing over 700 work processes, and then identifying and prioritizing the critical activities in terms of urgency, interdependency and target recovery times.
Subsequently the BIA and RA were used to set overall strategy and to frame specific individual Business Continuity Plans (BCPs), creating a core Business Continuity Management System (BCMS). This was embedded through the development of a Continuity Management policy manual, with training documents for each department.
To accomplish effective BCM implementation, IBK now regularly undertakes reviews of the RA and BIA, and the BS 25999 principles and exercises, and regularly updates the BCMS on organizational and other changes.
Finally, BSI audited and reported on IBK's initial review and gap analysis, and conducted a final audit upon implementation, leading to the award of certification to BS 25999 in March 2008.
Business benefits of certification
For IBK, certification to BS 25999 serves as a tangible demonstration that best practice has been achieved. It has conferred competitive advantage in the marketplace and reassured customers that the bank is committed maintaining continuity of service, whatever happens.
The certification has also protected vital assets and built greater confidence to face crises or incidents that could be fatal to the organization. And the bank is satisfying Financial Supervisory Service requirements.
Finally, the process has also increased employee engagement, and improved communications around BCM, so that if the worst should happen, IBK will be fully prepared.
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Security is a challenge at the best of times for a retail bank. If you offer services via the internet, security becomes even more complicated. For Barclays UK Retail Online Banking, information security is at the core of their business, which is one of the main reasons the organization pursued and achieved certification to ISO/IEC 27001 Information security from BSI.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
Rising waters: revising PAS 1188
For those living in areas that are prone to flooding, having the right protection resources available is essential. While images of emergency sandbags holding back rivers of water may fill the media, there is a much wider range of products available for flood protection.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
Monarch Airlines chooses BSI for its European Union Emission Trading System (EU ETS) verification
Monarch Airlines has selected BSI as its provider of verification services against the requirements of the EU ETS directive. This comes in response to the industry's requirement to monitor its CO2 emissions and demonstrate compliance with the directive by submitting a verified annual emissions report by 31 March every year from 2011 onwards.
Question: Given the state of the environment, should issues like energy management in business be more regulated and closely monitored instead of voluntary?
Climate change is such an urgent issue that some might argue the only answer to this question is "Yes". However, creating laws that achieve their goals in precisely the right way is challenging and time consuming at the best of times. And when it comes to climate change, the factors involved are varied - too many for any one law or set of laws to cover adequately.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
