
2020.06.25

ISACA White Paper : Supply Chain Resilience and Continuity - Closing Gaps Exposed in a Global Pandemic

Hello, this is 丸山満彦 (Mitsuhiko Maruyama).

There is an organization called ISACA. The name is short for Information Systems Audit and Control Association, but today it simply goes by the brand ISACA...

I have been a member since 1995, and in the past I served as chair of the Osaka chapter and vice chair of the Tokyo chapter. Back then it was a friendly, close-knit community, internationally as well, but membership has grown and it has now turned into something like a company, which is a little sad (although, thanks to that organizational strength, I think it is producing good results).

Incidentally, the person who prompted me to join ISACA was my supervisor at the time, 森田祐司 (Yuji Morita) [wikipedia], himself an ISACA member, who is now President of the Board of Audit of Japan. A President of the Board of Audit who is an ISACA member may be rare even by global standards.

That ISACA has published a white paper titled "Supply Chain Resilience and Continuity - Closing Gaps Exposed in a Global Pandemic".

● ISACA

・2020.06.22 ISACA Outlines How to Strengthen Enterprise Supply Chain Resiliency During the Pandemic and Beyond

 ・White Paper : Supply Chain Resilience and Continuity - Closing Gaps Exposed in a Global Pandemic

-----

The paper outlines key steps that need to be addressed in the business continuity planning process, such as:

  • Identify and assess risk associated with continued service from suppliers and third parties for providing services to customers.
  • Establish communication to share information about preparedness and response plans with niche and tactical suppliers and service providers to improve transparency of responses.
  • Limit geographical concentration and the single point of failure, following an accurate impact analysis.
  • Extend simulation models to the various scenarios presented, including pandemic, to enhance the abilities of the business continuity plan.

-----

Table of contents, etc.

Introduction
Business Operations Continuity and Risk Management
> Enterprise Risk
> Supplier Risk
> Risk Management Process and Risk Response
Supply Chain Management
> Supply Chain Interruption and Enterprise Loss
> Information System Supply Chains
> Supply Chain Risk
Supply Chain Risk Mitigation
> Supplier Categorization
> Mitigating Concentration Risk
Increasing Resilience and Continuity
> Contingency Planning During Pandemics
> Human Resources and Continuity
Conclusion
Acknowledgments

-----

Introduction

Business continuity has been an historical part of enterprise business plans and is constantly evolving to match the changing business landscape. However, its importance escalated after the terrorist attack on the World Trade Center on 11 September 2001 revealed significant gaps in planning.

Business continuity planning (BCP) has been a major part of all strategic investments ever since.

After the World Trade Center attack, more diverse threats emerged, including ransomware, targeted attacks, terrorist attacks and the pandemics of COVID-19, bird flu, swine flu, anthrax, Ebola, E. coli and SARS, leading enterprises to constantly update risk scenarios. The outbreak of COVID-19 rapidly escalated into a global pandemic. The spread of COVID-19 has affected the entire world, has claimed the highest casualties of any recent epidemics or pandemics and has crippled the world economy. Many businesses are struggling to survive through this pandemic and its subsequent lockdowns.

One result of the COVID-19 pandemic is the identification of gaps in continuity planning—the two major gaps highlighted are continuity in supply chain management and human resource management.

Business continuity management (BCM) programs are not one-size-fits-all processes. Enterprises need to evaluate specific requirements and develop and implement BCM systems. Global best practices provided by the Business Continuity Institute (BCI),[1] the Disaster Recovery Institute (DRII),[2] and various international standards, including ISO 22301:2019 Security and resilience — Business continuity management systems — Requirements,[3] may help organizations benchmark their continuity programs. To have appropriate business continuity plans in place, organizations should employ enterprise risk management (ERM) and business impact analysis (BIA) processes regularly, to enable the enterprise to understand the impact of unavailability of critical assets, suppliers and resources, and identify the single points of failure (SPoF) within the system. The BIA and a proper business continuity risk assessment support the development of mitigation measures and recovery strategies for the enterprise.

Many organizations, including government authorities, publish guidance about business continuity planning within the enterprise; however, recent new threats are widespread, affect large geopolitical areas and distress multiple organizations (including suppliers and vendors) along diverse and complexly networked supply chains—and, thus, represent a concentrated or intensified challenge specifically to the supply chains supporting many enterprises.

Many enterprises today outsource some business- and technology-related processes. Therefore, many enterprises depend on external service providers for various requirements, including raw materials, spare parts for manufacturing, infrastructure maintenance, consumables, information, maintenance and other services, such as IT support. Managing service providers is part of operational requirements. Thus, business continuity planning must consider the supply chain and its distinctive vulnerabilities.

Enterprises and suppliers alike may incur damages associated with pandemics and their potential impact on the workforce; thus, the workforce itself cannot be ignored for a variety of legal, fiduciary and competitive reasons.

Considered holistically in terms of broad risk management, investment in business continuity planning, with a specific focus on the supply chain, can bring competitive advantage as well as reduce or mitigate potential damages in the context of an emerging health crisis.

This white paper provides guidance for managing potential gaps in continuity planning specific to the supply chain, extending supply chain concepts to other functional business areas and assessing threats to the typical business continuity plan.

[1] Business Continuity Institute (BCI), www.thebci.org/
[2] Disaster Recovery Institute International (DRII), drii.org/
[3] International Organization for Standardization (ISO), ISO 22301:2019, Security and resilience – Business continuity management systems – Requirements, www.iso.org/standard/75106.html
