Executive Overview
It is a common practice for companies to have a plan that describes the measures required to continue doing business in the face of adverse events. While the primary focus of many of these plans may be on business functions such as order processing, customer service, invoicing, and supply chain, it is also very important for the scope to include continuity of operations or production facilities used to produce their products. For companies that handle hazardous materials the plan must also address process safety and other concerns.
Preparation of an operations continuity plan begins with a comprehensive risk assessment that identifies potential threats and vulnerabilities, as well as potential consequences. Risks must include equipment failure, loss of containment of hazardous materials, and loss of control resulting from a range of events, including loss of utilities, natural or weather-related events or cybersecurity attacks.
While the plan is essential, it is not alone sufficient. The effectiveness of the response will be limited if the plan is not tested or exercised. A simple table top exercise can be helpful, but a full test is preferred. It is essential that the plan state very clearly who is both accountable and responsible for each element or step prescribed.
The results of periodic reviews and tests must be used to identify specific improvements. These must be implemented as part of a regular continuous improvement program.
ARC conducted a survey on this topic, which elicited responses from several asset owners. The purpose of this survey was to identify positions and practices with respect to operations continuity planning. In addition to providing input to this report, the survey results will be used to direct additional research on specific aspects of the subject. The survey remains open and additional respondents are encouraged to submit their information.
Planning Context
All aspects of the enterprise must be addressed in a comprehensive continuity plan and coordinated across functions and departments in the enterprise. One of these is operations, defined as the processes, people and equipment necessary to produce a product for the customer. Without the ability to produce product the business will eventually falter. Depending on the nature of the business and its products it may be possible to operate from stored inventory for some interval, this is at best a temporary measure. Given that most companies have adopted a strategy of minimizing
inventory, the interval may be extremely short.
It is also important to develop, exercise and execute operations continuity plans in the context and at the level most appropriate for the situation. For example, when dealing with large, integrated process industry sites the plan must address the full breadth of the integrated processes. In cases where process steps are less integrated and that have some level of in-process inventory, more granular planning may be possible.
The formulation of such plans must reflect the results of a risk assessment. While there are many ways of defining risk, it is commonly understood that it is a function of threat, vulnerability, and consequence, with both the threat and consequence components having some probability or likelihood of occurrence. Threats come in many forms and may be from both external and internal sources. Common examples include adverse weather, natural disasters, loss of infrastructure services and major equipment failures. Deliberate attacks – whether physical or cyber – must also be considered.
While the primary consequence to be presented is loss of business continuity or ability to conduct business, this comes in various degrees. In the past year, the COVID-19 pandemic has brought additional attention to the need to exercise these plans and make any adjustments required. Regardless of the nature of the potential threat the imperative remains the ability to sustain regular operations and conduct business.
For all anticipated combinations, a continuity plan must define feasible mitigation measures. While this imperative seems clear, it is not always apparent that continuity plans are adequately coordinated across functions or departments within an enterprise, from business planning to manufacturing and operations.
A Survey of Current Practices
To get a better understanding of current practices in this area, ARC conducted an anonymous survey of asset owners that received responses from a range of industry sectors and geographic regions. Most of the responses represented a company-level perspective while some are from a single plant. While the absolute number of responses was relatively small, the range appears to be broadly representative.
The survey has recently been reopened and modified to allow contributors to see results as they are entered. Depending on the ongoing response there may be an opportunity for subsequent reports and additional research. Those wishing to contribute to further research can find the survey on theARC web site.
Survey Design
The initial survey was kept simple to encourage contributions and to focus on specific aspects of the subject. Specifically, it was designed to elicit information about typical planning practices in response to several potential threats. Although cybersecurity incidents were not specifically mentioned, these also could be included in this list. The specific questions are shown in Table 1.
While it is possible that several of these questions could easily lead to more detailed analysis and investigation, this was beyond the scope of this initial effort.
Table of Contents
- Executive Overview
- Planning Context
- A Survey of Current Practices
- Summary of Responses
- Analysis and Further Research
- Recommendations
ARC谘詢集團客戶可以查看完整的report atARC Client Portal
If you would like to buy this report or obtain information about how to become a client, pleaseContact Us