SBS - The Best Value in QMS software

Business Continuity Planning in ISO 9001?

qualprod

Trusted Information Resource
#1
Hello to all.
I share this need of one of our customers.
Is asking us a contingency plan.
We are a small manufacturing company 90 people, producing labels of several material for the industry.
Under 8.2.21
e) establishing specific requirements for contingency actions, when relevant.

At what level we have to comply with this under ISO 9001?
Could it be enough to have a risk detected with action plans regarding in how to comply the customer in case o
f internal or external problems?
For example, to have more suppliers of raw material, to have spare equipment in case of failures, more people trained
in case of absences of someone? also is considered the Covid issue.
Or should we comply with a special requirement of a BCP addressing specifics, issues?

Could you share contingency plans which comply with this requirement of the standard?

Thanks in advance.
 
Elsmar Forum Sponsor

qualprod

Trusted Information Resource
#2
Hello to all.
I share this need of one of our customers.
Is asking us a contingency plan.
We are a small manufacturing company 90 people, producing labels of several material for the industry.
Under 8.2.21
e) establishing specific requirements for contingency actions, when relevant.

At what level we have to comply with this under ISO 9001?
Could it be enough to have a risk detected with action plans regarding in how to comply the customer in case o
f internal or external problems?
For example, to have more suppliers of raw material, to have spare equipment in case of failures, more people trained
in case of absences of someone? also is considered the Covid issue.
Or should we comply with a special requirement of a BCP addressing specifics, issues?

Could you share contingency plans which comply with this requirement of the standard?

Thanks in advance.
In looking specific answers to my post, I found this interesting article on the net.
This is the link.
Contingency Plans: An Essential Quality Management System Risk Tool

Marc if you consider is ok to be shared, keep it , if not delete it.

Thanks
 

Tagin

Trusted Information Resource
#3
Under 8.2.21
e) establishing specific requirements for contingency actions, when relevant.
That requirement, 8.2.1e, is specific to 8.2.1 Customer communication, and according to TS9002 it means:
the organization should...ensure that it is proactive in communicating with the customer about possible contingency actions that can be taken, if the need occurs, to avoid having a detrimental effect on meeting customer requirements; this could include situations such as natural disasters, weather, labour disputes, shortfall of raw materials or of backup external providers
So, that is really about how are you going to inform the customer when the unexpected occurs that might affect customer requirements, such as delivery schedules. A typhoon in the Pacific may not affect your plant, but it might affect your supply chain, which might interrupt or delay deliveries to your customer. So, a business continuity plan is not central to 'contingency' as used in this clause element (unless you extend your BCP to include your supply chain).

I share this need of one of our customers.
Is asking us a contingency plan.
So, by 'contingency plan' do they mean some form of disaster recovery plan or business continuity plan? Probably.

Some customers have that as a 'checkbox' item for their suppliers and just want to see some disaster recovery or business continuity document, whether it is realistic or not. But if you are going to create one, you might as well have one that actually is useful for your organization. Beyond that, the customer may specify some criteria for the contingency plan, but usually do not.

To me, DR/BCP arises from: 4.1 (determine external and internal issues) affecting 4.2 (needs and expectation of interested parties) addressed via 6.1 (actions to address risk and opportunities). So, combined into a sentence, it is a plan that addresses:

What are the external and internal issues that potentially could impact our ability to meet the needs of interested parties, such as customers (and maybe the banks and employee payroll too!), and how can we plan ahead to address those risks if they occur?
 

qualprod

Trusted Information Resource
#4
That requirement, 8.2.1e, is specific to 8.2.1 Customer communication, and according to TS9002 it means:


So, that is really about how are you going to inform the customer when the unexpected occurs that might affect customer requirements, such as delivery schedules. A typhoon in the Pacific may not affect your plant, but it might affect your supply chain, which might interrupt or delay deliveries to your customer. So, a business continuity plan is not central to 'contingency' as used in this clause element (unless you extend your BCP to include your supply chain).



So, by 'contingency plan' do they mean some form of disaster recovery plan or business continuity plan? Probably.

Some customers have that as a 'checkbox' item for their suppliers and just want to see some disaster recovery or business continuity document, whether it is realistic or not. But if you are going to create one, you might as well have one that actually is useful for your organization. Beyond that, the customer may specify some criteria for the contingency plan, but usually do not.

To me, DR/BCP arises from: 4.1 (determine external and internal issues) affecting 4.2 (needs and expectation of interested parties) addressed via 6.1 (actions to address risk and opportunities). So, combined into a sentence, it is a plan that addresses:

What are the external and internal issues that potentially could impact our ability to meet the needs of interested parties, such as customers (and maybe the banks and employee payroll too!), and how can we plan ahead to address those risks if they occur?
I agree with you, based from foda---> I got the 4.1 and 4.2.
Under 4.1 , I detected as a negative issue, the possibility to fail to customers on their requirements, then
under 6.1 , I raised the risk, defined the actions plans to mitigate such risk.
I think this risk, could be my contingency plan.
On the other hand, you are right, it could be a good Idea to ask the customer, what is the specific need.
Contingency plan or BCP?
Altough in some way, is basically the same, dont´you think?, because the main purpose is to comply to your customer
Thanks
 

Tagin

Trusted Information Resource
#5
On the other hand, you are right, it could be a good Idea to ask the customer, what is the specific need.
Contingency plan or BCP?
Altough in some way, is basically the same, dont´you think?
I was thinking in terms of specific requirements they might have: for example, that your plan provides a way to begin production within 60 days if your current site became unusable.
 

qualprod

Trusted Information Resource
#6
Ok, I understand what you mean.
Based on the customer ´s requirements to define the BCP.
On the other hand, what is the difference between BCP and contingency plan? I think is ths same but different names
or is it a different scope?
I didnt explain it, FODA is the SWOT.
 

Tagin

Trusted Information Resource
#7
On the other hand, what is the difference between BCP and contingency plan? I think is ths same but different names
I look at it as:
  • Contingency plan - general term for any kind of plan to deal with major risks that will interrupt or cause to fail a project, business, etc.
  • Business Continuity Plan - a contingency plan focused on making sure the business keeps operating even if major risk events occur.
  • Disaster Recovery - a contingency plan that is a subset of a BCP, focused on restoring infrastructure and equipment to operation; often is assumed to refer specifically to recovery of IT systems.
 

qualprod

Trusted Information Resource
#8
I look at it as:
  • Contingency plan - general term for any kind of plan to deal with major risks that will interrupt or cause to fail a project, business, etc.
  • Business Continuity Plan - a contingency plan focused on making sure the business keeps operating even if major risk events occur.
  • Disaster Recovery - a contingency plan that is a subset of a BCP, focused on restoring infrastructure and equipment to operation; often is assumed to refer specifically to recovery of IT systems.
Trying to add answers for all who are interested in this issue.
This is an extract of an interesting Craig Cochran´s book

Establishing contingency actions Contingency actions are “what if” scenarios. They certainly don’t apply to every transaction an organization initiates. In fact, they may rarely come up, but it’s important to consider if any contingency actions might be necessary. Contingency actions are one more way of addressing risk. These might include what will happen in the event of:
-A lost or late shipment Product
-failure in the field Delivery during nonbusiness hours
-Weather emergencies
-Labor stoppage (in a unionized environment)
Contingencies are usually defined as part of large, expensive, and risky projects. Evaluate your own contracts and orders to see if this is something your organization would benefit from.

Summing up, I think I´m in the right track to address the contingency issue under ISO, which I have decided to take it as a RISK.
the actions to implement to mitigate the risk , can be the contingency actions. See above text in bold.
Hope it helps
 

Big Jim

Super Moderator
#9
I view 8.2.1e as dealing with contingencies as they arise and determining how to best handle it. Since a customer asked about contingency plans, before trying to develop far more work than necessary, talk to your customer and find out what his concerns are.
 

qualprod

Trusted Information Resource
#10
Jim
I ´d add the next.
As you said, it depends of customer, for example:
if requirements of this customer are very strictive (contingencies plan against fire, flood, loss of power and facilities, terrorism, etc. but this customer buys only 500 USD a month.
Well, I can say this customer , is not possible to have a plan for you in this way, I can´t afford it.
So, under this case, I think, I comply by just having a short agreement mentioning few and simple contingencies, , e.g. Raw material shortage, having spare parts for machines, having personnel in stand-by waiting in case of absences and that´s all.
If it were a customer who has high consumption of products, and this allow me to have high profits, well, In this
is possible to have a robust BCP well documented where is included all what is necessary, all kind of contingencies, how to recover the plant in case is destroyed, how to have an agreement with another supplier to produce, while plant is down, to ensure the payments
to employees while, plant is under rebuilding, the testing of the plans, etc.

Is it ok, my assumption?

Thanks
 
Thread starter Similar threads Forum Replies Date
Richard Regalado Top 10 operational risks of 2019 for business continuity planning Business Continuity & Resiliency Planning (BCRP) 6
K Disaster Recovery and Business Continuity Planning - Where to start? Business Continuity & Resiliency Planning (BCRP) 20
A Risk Assessment, Business Continuity Planning, Testing, BCP, etc as part of ISO 27001 IEC 27001 - Information Security Management Systems (ISMS) 8
J Business Continuity Planning - Experiences related to Thailand's flooding Business Continuity & Resiliency Planning (BCRP) 5
Marc Business Continuity & Resiliency Planning (BCRP) - New Forum Business Continuity & Resiliency Planning (BCRP) 16
E BCP (Business Continuity Plan) Call Tree Business Continuity & Resiliency Planning (BCRP) 13
M SOP Sample for BC/ISO22301 (Business Continuity) wanted Business Continuity & Resiliency Planning (BCRP) 4
M BCM (Business Continuity) and BPM in a company with an IT System Business Continuity & Resiliency Planning (BCRP) 0
J Business Continuity - ISO 22301 BCMS Strategic and Tactical Objectives Business Continuity & Resiliency Planning (BCRP) 3
L Need a bone to throw at a customer (Business Continuity/Contingency Plan) Business Continuity & Resiliency Planning (BCRP) 11
S Question about IS in Business Continuity Management (A.17.1) IEC 27001 - Information Security Management Systems (ISMS) 2
R How to test a BCP (Business Continuity Plan) Business Continuity & Resiliency Planning (BCRP) 6
D Exercising Business Continuity or Disaster Recovery Plans Business Continuity & Resiliency Planning (BCRP) 5
K Testing the Business Continuity Plan Business Continuity & Resiliency Planning (BCRP) 5
J ISO 22301 - Implementing a Business Continuity Management System Business Continuity & Resiliency Planning (BCRP) 15
Richard Regalado Sample Plan for Developing an ISO 22301 Business Continuity Management System (BCMS) Business Continuity & Resiliency Planning (BCRP) 3
Richard Regalado Weathering the storm - The 2013 Business Continuity Management Survey Business Continuity & Resiliency Planning (BCRP) 2
J ISO 27001 - Business Continuity Event Simulation Testing Business Continuity & Resiliency Planning (BCRP) 8
S Business Continuity Disaster Recovery Gantt Chart Business Continuity & Resiliency Planning (BCRP) 5
T Incorporate BCP (Business Continuity Plan) into QMS Business Continuity & Resiliency Planning (BCRP) 1
I Business Continuity Plan for manufacturing a IVD ISO 13485:2016 - Medical Device Quality Management Systems 4
A Business Continuity ? Disaster Recovery and Crisis Management differences Business Continuity & Resiliency Planning (BCRP) 8
Richard Regalado What's brewing at ISO for Business Continuity? BS 25999's ISO Counterpart Business Continuity & Resiliency Planning (BCRP) 10
P Can anyone give Business Continuity Plan (BCP) (ISO 27001) Business Continuity & Resiliency Planning (BCRP) 10
J Business Continuity Management Documentation Business Continuity & Resiliency Planning (BCRP) 2
D BS 25999 - BCM (Business Continuity Management) Strategy Business Continuity & Resiliency Planning (BCRP) 2
RoxaneB Vendor Listing in a Business Continuity Plan / Disaster Recover Business Continuity & Resiliency Planning (BCRP) 6
Randy Some hints on BS25999-2:2007 - "Business Continuity (BC)" Business Continuity & Resiliency Planning (BCRP) 5
Sidney Vianna ANAB - Certified Organizations Business Continuity and Disaster Recovery Business Continuity & Resiliency Planning (BCRP) 0
Sidney Vianna BS25999-1:2006 First Part of Business Continuity Standard Published Business Continuity & Resiliency Planning (BCRP) 48
J Business Continuity for IVD manufacturers - Our most severe risk is fire Business Continuity & Resiliency Planning (BCRP) 4
S Business Number versus Company ID? Canada Medical Device Regulations 2
K Business Process Flowchart Process Maps, Process Mapping and Turtle Diagrams 2
Sidney Vianna Informational ESG - Environment, Social & Governance issues gaining ground in the Business World Sustainability, Green Initiatives and Ecology 22
N ISO 9001 - Training business with fewer than 5 employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
S ISO 9001 implementation in a Gold exporting business ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
H Expanding our business and the implications to our QMS Manufacturing and Related Processes 2
M ISO 9001:2015 8.2.1 Contingency Plan required for small Business? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Nicole Desouza ISO / AS Certification - Small business with less than 100 employees ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
R Supplier evaluation and business needs in the context of ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 2
M Informational Australia – TGA business plan 2019-20 Medical Device and FDA Regulations and Standards News 0
A Brazil: Termination of business relations with BRH – what happens to registrations? Other Medical Device Regulations World-Wide 1
Jen Kirley Conway Business Services LLC - Jen Kirley ISO 14001:2015 Specific Discussions 0
J Business Intelligence and 21 CFR Part 11 Compliance Qualification and Validation (including 21 CFR Part 11) 1
G Anyone working with or planning to do business in the CBD (cannabidiol) industry? US Food and Drug Administration (FDA) 1
M Supplier Management outsourcing - Business idea Supplier Quality Assurance and other Supplier Issues 8
T AS9100 Maintain Approval When Business Ownership Changes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
WCHorn US Citizen Traveling to Mumbai for Business Travel - Hotels, Motels, Planes and Trains 4
S New to the automotive business and VDA VDA Standards - Germany's Automotive Standards 5
R Process Mapping for a BPMS (Business Process Management System) vs ISO Process Maps, Process Mapping and Turtle Diagrams 1

Similar threads

Top Bottom