How will Hurricanes Harvey and Irma affect your supply chain? Some companies may not be able to get the products or services that they need. Others may pay higher prices, or be unable to manufacture at all. Companies that have business continuity plans (BCPs) aren’t immune to the effects of natural or man-made disasters, but a BCP can help you to recognize, mitigate, and address risks to your business.
Increasingly, customers are asking suppliers about their disaster contingency and business resumption plans. If your customers asked for a copy of your BCP, would you be ready to provide one? If you’re not sure where to begin, where’s the best place to start? Neither ISO 9001:2008 nor ISO 9001:2015 mention “business continuity plans” by name, but this type of planning is part of risk-based thinking.
Risk-Based Thinking and ISO 9001
All ISO 9001 standards establish the requirements for an organization’s quality management system (QMS), a set of policies, processes, and procedures for planning and executing core business functions. ISO 9001:2008 didn’t ignore risks, but ISO 9001:2015 assigns a more prominent role to risk-based thinking. According to ISO, risk is defined (broadly) as the “effect of uncertainty on an expected result”.
What are the specific risks to your business then? How should you think about them? In the automotive industry, ISO/TS 16949 addresses business continuity planning. This standard is based on ISO 9001, but ISO 9001 itself isn’t a prescriptive standard for BCPs. That’s why risk-based thinking is so important. Weather forecasters can predict when and how a hurricane will hit, but it’s up to you to respond.
Business Continuity: Context and Infrastructure
ISO 9001:2015 contains several sections that are especially helpful. Section 4.1, Understanding the Organization and Its Context, addresses the full “legal, technological, competitive, market, culture, social, and economic environments, whether international, national, regional, or local.” Your company might not be located in Houston, Texas, or coastal Florida, but what happens there can affect your business.
Section 7.1.3, which is about Infrastructure, is also important. Often, we think about infrastructure just in terms of buildings. Yet infrastructure also includes associated utilities, transportation resources, information and communications technology, and equipment such as computer hardware. A natural disaster may leave your facility unscathed, but you’ll still need to power-up and ship products.
Risk Recognition, Management, and Mitigation
SHINE is an electronic contract manufacturer that provides custom cable assembly, wire harnessing, and electro-mechanical assembly services to original equipment manufacturers (OEMs). We are transitioning from ISO 9001:2008 to ISO 9001:2015 and recently completed a business continuity plan for our manufacturing center. We hope you’ve found this article to be helpful, and invite you to contact us.