INTERNATIONAL COOPERATION SEE QI Fund © istockphoto Business Resilience Standards Helping Businesses Address COVID-19 Related Economic Challenges Table of Contents About this Publication Introduction ..................................................................................................................................... 7 About the Authors........................................................................................................................... 8 Driton S. Bejtullahu..................................................................................................................... 8 Violeta Haxhillazi ........................................................................................................................ 8 Osman-Jablan Bulić ................................................................................................................... 9 Suzana Temelkoska ................................................................................................................... 9 Liridona Cani ............................................................................................................................ 10 Antigona Limani........................................................................................................................ 10 Chapter 1: Risk Management (Driton S. Bejtullahu) 1. Introduction ........................................................................................................................... 12 2. Complexity – a Reason for Increased Risks in Industry and Trading .................................. 12 3. Value of ISO 31000/ISO 31004/ISO 31010 and Risk-Oriented Corporate Management Systems ................................................................................................................................ 14 4. Elements of a Successful Risk Management ...................................................................... 15 5. Risk Management Process According to ISO 31000........................................................... 16 6. Risk Categories .................................................................................................................... 18 7. Risk Management Process .................................................................................................. 20 8. Who Shall Manage Risks? ................................................................................................... 21 9. Intuitive Risk Management ................................................................................................... 22 10. Definition of Risk .................................................................................................................. 22 11. Management, Risk Management and Managing Risk ......................................................... 23 12. Risk and Objectives.............................................................................................................. 24 13. Risk Owner – Definition ........................................................................................................ 24 14. Leadership and Commitment ............................................................................................... 31 15. Integrating the Risk Management Framework into an Organization ................................... 32 16. Defining the Risk Management Framework ......................................................................... 32 17. Identifying and Analysing the Stakeholders ......................................................................... 33 18. Identifying and Analysing the Requirements Related to Risk Management........................ 34 19. Articulating Risk Management Commitment ........................................................................ 35 20. Risk Management Policy and Risk Management Manual ................................................... 36 21. Techniques of Risk Management ........................................................................................ 36 22. Risk Evaluation..................................................................................................................... 60 23. References ........................................................................................................................... 65 Chapter 2: Business Continuity Management (Violeta Haxhillazi) 1. Introduction and Definitions of Business Continuity Management ...................................... 67 2. Why Discuss Business Continuity? ...................................................................................... 67 3. Business Continuity (BC) and Business Continuity Management (BCM) ........................... 68 4. BCM Role in Threat/Disaster Planning and Response ........................................................ 69 5. Added Value of Business Continuity and Risk Management .............................................. 71 6. BCM and Business Planning................................................................................................ 74 7. BCM and Resilience ............................................................................................................. 81 8. References ........................................................................................................................... 85 Annex 1: Business Continuity Management (Bow-Tie Analysis) ................................................. 85 Chapter 3: Information Security Management Systems (Osman-Jablan Bulić) 1. Information Security Management Systems (ISMS) – Why are These Important in Today’s Industries? .............................................................................................................. 87 2. Establishment of an Adaptable Information Security Policy and IT Security Policy ............ 88 3. ISMS Aspects with View to BCM ......................................................................................... 88 4. The Standards in the Field of ISMS ..................................................................................... 89 5. The Implementation of an ISMS .......................................................................................... 89 6. Information Security Incident Management ......................................................................... 91 7. The Implementation of Information Security Management Systems into the Business Processes ............................................................................................................................. 91 8. Rationale for Engaging in ISMS Systems with View to Business Resilience ...................... 92 9. Certification Against ISO/IEC 27001 .................................................................................... 93 10. Recommended Literature ..................................................................................................... 94 Chapter 4: Supply Chain Security Management Systems (Violeta Haxhillazi) 1. What is Supply Chain Management (SCM)? ....................................................................... 96 2. Client and Relationship with Supply Chain Management .................................................... 97 3. Supply Chain Operations, Processes and Planning .......................................................... 101 4. ISO 28000 Supply Chain Security Management Systems ................................................ 106 5. Security Risk Assessment and Planning ........................................................................... 107 6. Managing SCM Risk .......................................................................................................... 108 7. Robust or Resilient? Or Both? ........................................................................................... 109 8. Resilient & Secure SCM Strategy ...................................................................................... 110 9. Benefits of Resilient & Secure SCM .................................................................................. 112 10. References ......................................................................................................................... 113 Chapter 5: Occupational Health and Safety Management (Suzana Temelkoska) 1. Foster a Healthy and Safe Environment in Crisis Situations ............................................. 115 2. ILO Policies and Documents Referring to Safety and Health ............................................ 118 3. The Standard ISO 45001 ................................................................................................... 122 4. Determination of the Scope of an OH&S System with View to Business Resilience ........ 125 5. How to Best Understand the Workers’ Needs ................................................................... 128 6. Analyzing Risks and Opportunities Related to OH&S and Planning of Action .................. 130 7. Operation and Performance Evaluation of an OH&S System ........................................... 132 8. Rationale for Engaging in OH&S Systems with View to Business Resilience................... 133 9. References ......................................................................................................................... 134 Chapter 6: Innovation Management (Liridona Cani) 1. Introduction of Innovation ................................................................................................... 137 2. Radical and Incremental Innovation: The Importance of Both Types of Innovation with View to Resilience