Supply Chain€¦ · Intelligence & Planning Operations FEMA EMI training courses ICS-100:...
Transcript of Supply Chain€¦ · Intelligence & Planning Operations FEMA EMI training courses ICS-100:...
Supply Chain Integrated Resiliency and Crisis Management
Royal Philips – Group Operations – New Boston, NH / United States of [email protected] / (O) +1 603-487-1464 / (C) +1 603-582-0883
Roger A. StearnsFBCI | CBCPSr. Global Manager Business Continuity Management
Introductions
Royal Philips – Group Operations – Eindhoven / Amsterdam – The [email protected] / +31(0)6 2113 1633
Rob van den EijndenMBCI | CISA | CRISC | PMP | ISO22301LAGlobal Business Continuity & Resilience Leader
This is what most people think of
Philips…..
Roadmap
Our integrated Resilience Model
Supply Chain & Interdependencies
Crisis Management within our
value stream
Q&AInterpretingRisks
AdditionalInformation
Supply Chain & Interdependent Operations
Interdependent Operations (Services)
• Outsourced Operations• Installers• Resellers• Contact Centers• IT Support• IT Services
Integrated Supply Chain (Products)
• Manufacturing (Raw Materials to Finished Goods)
• Products• Chemicals/Compounds
• Distribution
Supply Chain – 101A cog in the life of a Product or Service
Raw Materials >Manufacturing Process> Finished Goods>
Distribution> CustomerSales > Support>Install
Supply Chain - Reality
Interdependency
Interpreting Risk
“In 1755 Jean-Jacques Rousseau first articulated the differences between disasters (processes) and hazards (events); He hypothesized that the Portugal earthquake which was made by “nature had not built [process] the houses which collapsed and suggested that Lisbon’s high population density [process] contributed to the toll”
The Origins of understanding Risks
EVALUATING & PREDICTING RISKS
BUTTERFLY EFFECT CHAOS THEORY CASCADING DISASTERS BLACK SWANS
SPIRAL DYNAMICS INFLUENCER & SHAPE SHIFTERS
COSO FRAMEWORK CUBE MURPHY’S LAW
Fire
Telecom
IT Services Power
Ransomware
HurricaneSupply Chain
Prop
abili
ty
Impact
Evaluating your Risks – Risk Matrix
Risk Assessments- 2 year cycle of evaluation- Multi disciplined team- Target highest risks 1st
- Assigned owners- Annual updates minimum
2019 Horizon Scan &
Supply Chain Resilience Report
Supply Chain Disruption
Natural DisastersTransportation FailuresGeo PoliticalPrice/Market FluctuationsCyber Attacks
2019 5 Major SC Disruptions
Disruptions are defined as major breakdowns in the production or distribution nodes that comprise a supply chain. These may include events such as a fire, a machine breakdown, an unexpected surge in capacity that creates a bottleneck, quality problems, natural disasters, customs delays, or any other number of different problems.
Definition
Other SC Disruptions
Loss of IT (more than 4 hours)Loss of SuppliersLoss of Utilities (Power)Data BreachesBlockchain, IoT & AI
Observation / OpinionRisks threaten the Integrated Supply Chain every day. However, they are reported in different ways. However, by definition Supply Chain is not just one thing or one impact on the value stream, and can materialize as a direct impact as well as an impact to Up and/or Downstream interdependent processes.
2019 Horizon Scan (BCI/BSI)
A
Black Swans
Source: https://www.thebci.org/resource/bci-supply-chain-resilience-report-2019.html
2019 Horizon Scan 2019 Horizon Scan
Top 10 disruptions
SC not in the top 10 Disruption
Top 10 Threats
2019 Horizon Scan (BCI/BSI)Threats vs. Disruptions
Source: https://www.thebci.org/resource/horizon-scan-report-2019.html
2018 Horizon Scan 2018 Horizon Scan
Top 10 disruptions
2018 Horizon Scan (BCI/BSI)Threats vs. Disruptions
2019 Horizon Scan (BCI/BSI)Likelihood and Impact – next twelve months
**Orange Alert (Low impact/high likelihood) – These are of moderate importance. Organizations should try to reduce the likelihood that they will occur.
*Yellow – These risks are low level; however, organizations should not ignore them.
***Red Alert – These are of critical importance and top priorities. Organizations must pay close attention to them.
**Orange Alert (High Impact/Low likelihood) – These are risks of high importance if they do occur, but they are very unlikely to happen. Organizations should do what they can to reduce the impact they will have if they do occur, and they should have contingency plans in place.
Black Swans
Past 12 mo.Next 12 mo.
N=411N=345
2019 Supplier Chain Resilience Report
A
Pg. 16
Source: https://www.thebci.org/resource/bci-supply-chain-resilience-report-2019.html
2019 Supplier Chain Resilience Report
Pg. 18
2019 Supplier Chain Resilience ReportPg. 21
ISO 45000/14000
Local/Site events & Incidents
ISO 22320
Telecommunications / Networks Cyber / IT Events
All company critical resources &
interdependenciesISO 22301
Planning & Management Spectrum
Ove
rall
Scal
e &
Impa
ct
Emergency Response Plan(s)
Crisis Management Plan(s)
Disaster Recovery Plan(s)
Business Continuity Management Plan(s)
Time Frame
Existential threats to the organization
Disruptive events impacting business operations
Vital technology infrastructure and systems
An immediate impact to Health and Safety (Chemical/Fire/Medical)
Best Practice of Integrated Resiliency
Our journey to an integratedresilience platform
Philips Global BCM Program1. The need to have BCM organized2. Philips Business Continuity
Management System (BCMS)3. Philips Global Resilience Platform
(PGRP)
25 Fusion RUG London 2019 & Philips CoE BCR | 4 November 2019 | v2.0
Numbers FIGURESLocations (Campus, Sites, Buildings 940*Workforce
91,500*FTE 69,000
Contingent 16,000Contractors 6,500
Suppliers 300,000Key/Critical 20,000
IT Global Applications
305*
Local Services 6,300** Changing variable
26 Fusion RUG London 2019 & Philips CoE BCR | 4 November 2019 | v2.0
Delivery of products and services at risk
The need of BCM organized – Lack of Real Time Information
The need of BCM organized - Real Time Information and Response
Royal Philips Business Continuity ambition
Quality Delivery DataIncrease business resilience, and continue delivery of products, services andsolutions to our customers, at acceptable predefined levels, in time of disruption
Organizing Business Continuity as the capability to resume and recover with minimum disruption and to maintain, align with and prepared for certification with ISO 22301
Implementing an exercise program that, over a period of time, leads to objective assurance that the business continuity plans will work as anticipated when required
Turn real time data into information, information into insight and insight into business decisions in time of peace or crisis
Governance Lean organized setup with global and local responsibilities
Core elements of the Philips Business Continuity Management System (BCMS)
Disciplines
All disciplines who needs to work
together
PDCA cycle
The ISO 22301 PDCA cycle applied to Philips
BCMS
Integrated BCMS Framework
The core elements of the foundation for an integrated certified
framework
Standardized BCM Model
Operationalized model to make BCM work
globally
The ISO22301 applied to the Philips Global Business Continuity Management System (BCMS)
GaggioMontano
Pune
Suzhou
Hamburg
Haifa
CoE BCR
Philips Business Continuity Management System (BCMS)
Philips Business Continuity Management System (BCMS) v2.0
Fusion
CoreElements
Key ProductsServices, andSolutions
Key Depended Resources
Information upload via multiple Master
Sources
Available, Acceptable, Accurate (AAA)
ManufacturingComponents
Manufacturing Technology
Service Business Processes
Scope of integrated resilience approach combined with Philips Global Resilience Platform (PGRP)
Our integrated resilience approach integrates with E2E Supply Chain to increase the operational business resilience
The Philips Global Resilience Platform (PGRP) Enables the integrated sharing of critical business data related to prevention, detection, respond and recovery of business
Dealing with dependencies –Using BCM to improve the resiliency of our Supply Chain
• Dependency Mapping to determine impact:
• Gap analysis of business requirements versus delivered
• Entity risk profile existing of domains in scope (Insurance, BCM, Security, Health & Safety, Supplier, Travel, IT Services, etc.)
Connecting the dots: going digital with turn data into information, information into insight and insight into business decisions out of the data lake
Real-Time visualization of dependencies per entity, supplier, or IT service
Plan ProductsServicesSolutions
Processes Resources
BCM risk capabilities aligned with Philips Enterprise Risk Management principles
Real-Time visualization of threats, including Philips entities, suppliers is part of our Early Warning Management System
Crisis Management
Emergencies not dealt with will likely escalate. Fire Fighters often say “all fires start small”
Events, Emergencies & Incidents
It is the emergency management teams proficiency that will dictate success and efficiency and ultimately determine the organizations reputation when a threat materializes and becomes a major event.
Source: https://www.amazon.com/Avoiding-Disaster-Business-Catastrophe-Strikes-ebook/dp/B000VZVZS0 $46.68/44.35
Managed Locally
Managed Locally with additional resources
Local/BU overwhelmed. Regional/Market/Corp
CMT
All company resource are brought to bare.
(Corp/Regional/Market) CMT)
Crisis Management Spectrum
Ove
rall
Scal
e &
Impa
ct
Incident
Crisis
Catastrophe
Disaster
Time Frame
Abnormal and unstable situation that threatens the organization’s strategic objectives, reputation or viability.
Situation where widespread human, material, economic or environmental losses have occurred which exceeded the ability of the affected organization, community or society to respond and recover using its own resources.
Occurs when a disaster's effects are widespread and its impact is so great that it overwhelms a community's ability to function.
Occurrence particular set of circumstances. Shorter term Root-cause to Restoration
An event which is not part of standard business operations which may impact or interrupt services and, in some cases, may lead to a crisis or disaster.
Event
ICS (Incident Command System)
Crisis Management Teams (CMT)
Incident Commander
SupportAdmin. & Finance
LogisticsIntelligence & PlanningOperations
FEMA EMI training coursesICS-100: Introduction to the Incident Command SystemICS-200: ICS for Single Resources and Initial Action IncidentsICS-300: Intermediate ICS for Expanding IncidentsICS-400: Advanced ICS for Command and General StaffIS-700: National Incident Management System, An Introduction
IS-701: NIMS Multiagency Coordination System (MACS)IS-702: NIMS Publication Information SystemsIS-703: NIMS Resource ManagementIS-706: NIMS Intrastate Mutual Aid – An IntroductionIS-800: National Response Framework, An IntroductionG-191: Incident Command System/ Emergency Operations Center InterfaceG-402 Incident Command System (ICS) Overview for Executives/Senior OfficialsG-775: Emergency Operations Center (EOC) Management and Operations
https://training.fema.gov/nims/
Also: All-Hazards Position Specific Courses
CRISIS MANAGEMENT TEAM - ENGAGEMENT
SITE CMT (LEADERSHIP TEAM) REGIONAL CMT
Multiple Location with same incident/Crisis
- Hurricane- Winter Storm
COUNTRY CMT
Multiple Site and Regions
- Terror Attack- Civil unrest
ORGANIZATION CMT
Partial or Entire company
- Product recall- Ransomware attack
Singular Location
- IT incident- Tornado- Chemical Spill- Fire
THE CMT PROCESS
INFORMATION ISSUES DECISIONS ACTIONS
LESSONS LEARNED AFTER ACTION REVIEW
Repeat for duration of event
CREATING A GENERATIVE CRISIS MANAGEMENT CULTURE
- Continual Review of your risks and mitigation steps
- View the Horizon for future risks and potential impacts to your organization
- Look to other industries and their impacts
- Creating response strategies that enable & support a resilient organization
- Engage with CMT members regularly
- Think out of the box
https://www.linkedin.com/pulse/how-continually-build-your-crisis-resilience-caroline-sapriel/
Increase the companies Crisis Management capabilities through practice. Include critical staff to ensuring mission critical operations are restored
CMT Testing & Exercising
• Conduct training with minimal impact on normal operations
• Review ROLES with the CMP & BCP
• Familiarize participants using assigned roles
• Practice as a Team
• Produce After Actions Reports (AAR), Hot Wash
• Track & assign Lessons Learned and Action Items