Friday, 22 November 2013

Service Management, the supply chain and ISO22301

If a service is the about the service provider delivering value through outcomes without you owning the specific costs and/or risks, how come so many clients I visit concern themselves with, not just the service provider's competence and capabilities but the supply chain below their service provider? I think it's about trust and awareness.

To be honest, there are actually three types of client I visit.
  • There are those who take it on trust that the service provider they have engaged with are suitably capable, competent and robust for their needs. They sign a contract with the service provider and assume that this will be sufficient (well there are words about consequential loss in there aren't there?).
  • There are those who don't trust their service providers to the extent that they end up challenging the entire supply chain. This can end up in a hugely costly and complex exercise of ongoing assessments, audits, reviews and contracts.
  • Then there are the ones who have understood that the idea is to get the service provider to prove their ability to service their needs in spite of situations which threaten the delivery capabilities. They demand that the service provider applies the same requirement on all of their sub-contractors and can demonstrate how they will continue to provide their contribution.
Historically, this has been an issue because there was no real way of proving this capability. However, ISO22301 is a new standard for Business Continuity Management against which organisations can be certified.

ISO22301 sets out the requirements for a service provider to put together a management system for understanding business risk and impact and plan their mitigation strategy appropriately. It sets out the responsibilities of senior management in  managing business continuity plans and arrangements. It follows a similar management system approach to other compatible standards such as ISO27001, ISO20000 and ISO9001 using the familiary Plan, Do, Check, Act structure for enacting continual improvement.

So, stop trying to make up for either your lack of trust of your service providers or your service provider's inadequate assurances and start insisting that they (and you) are able to demonstrate commitment to the provision of stability and continuity by looking at ISO22301.

If you want help understanding your needs around BCM or you've already made the decision to go ahead with ISO22301, give us a call, we'd be happy to help.

No comments:

Post a Comment