Business Continuity Planning for Our Customers
Ribbon is committed at all levels to implementing and maintaining robust arrangements which will enable critical functions to continue to deliver key services in the event of minor or major incidents, disruptive events, and crisis situations.
Proactive behavior is key; threats are identified, and risks are prioritized on a regular basis. Disruption to Ribbon business operations can come from any type of “event”; man-made or natural, without warning. By placing a priority on Business Continuity Planning, any impacts to our employees, our customers and partners or our ongoing operations will be minimized.
Business Continuity planning at Ribbon continues to evolve. We have moved from our historical alignment to the British Standard BS 25999 (2006) and are now aligned with the more modern industry-standard ISO 22301 (2012) in governing our complete Business Continuity Management System.
Communication – for our Stakeholders
Regardless of the incident, Ribbon is listening, please call 866-436-2263 (Option 0) to ask a question or raise a concern. For a detailed response to Business Continuity matters please email bcp@rbbn.com at any time.
During a trigger incident, the Emergency Management Team have an objective to keep the following internal organizations informed on response and recovery activities:
- Services Organization and Customer Support
- Supply Chain
- Hardware Research and Software Development
- Human Resources to provide family support
We recognize that Ribbon’s Unified Communications Solution is often the fallback position for the business continuity planning of our customers and their customers. This suite of products allows for remote working during an event along with web conferencing capabilities to improve communications during a disaster recovery. Our customers place their trust in us that their commitments to their customers will be met.
Ribbon Plans and the Business Continuity Management System (BCMS)
Ribbon actively maintains a Business Continuity Management System (BCMS) to ensure stability of all Global Operations following a potential disruption or catastrophic event, such as a natural disaster, pandemic, cyber attack, or other similar events within the supply chain. The plans within the BCMS define objectives, dependencies and steps to execute to limit the impact from the loss of key service and product delivery.
Our BCMS is mandated by Ribbon’s Executive Management Team and is used to ensure the correctness of our Continuity Plans. By following the “Plan, Check, Act, Do” steps, we align to the ISO 22301 standard. Each year the following steps are executed sequentially to ensure:
- Our organization is aligned to the BCMS,
- Business Impact Assessment (BIA) and Risk Appetite assessments are performed.
- Accuracy and system health is assessed by way of quarterly BCP drill exercises.
- The BCP drill result metrics are used to generate areas for improvement and actions setting.
- An annual management review is held to keep the business leaders abreast of the action progress, resourcing requirements and the contributing responsibilities of organisations within Ribbon.
The five major elements of our BCMS:
- Risk assessments are performed with the Executive Management team, to decide which facilities and functions are to be analyzed in terms of their relative vulnerability and potential impact of disruptions. Reputational, operational and financial risks (among others) are taken into account, and a heat map is developed to enable prioritization for the Business Continuity Plan.
- Business Impact Analysis (BIAs) are performed for each facility and major business function, beginning with
thehigher-risk entities. In a BIA, all major buildings, equipment, processes, human resources, suppliers and IT systems are identified, rated based on their criticality in achieving operational objectives, and an estimated time to recover is determined. - Business Continuity Plan (BCP), which specifies the procedures for business recovery, support team roles and responsibilities, communication routes and the locations of the Disaster Recovery Plans (DRPs).
- Disaster Recovery Plans (DRPs) are created at the Team Leader level to uniquely specify detailed recovery activities across the organization.
- Exercising the BCP, simulation exercise drills are performed regularly with involvement from both site primes and senior business leaders, seeking improvement opportunities for the organization’s preparedness. Lessons learned are published after every drill.
The results and priorities of the Business Continuity Management System process and improvement activities are reviewed regularly by a steering committee comprised of members of our Emergency Management Team and Ribbon senior management.
Ribbon BCP Scope
All of Ribbons facilities around the globe fall under the Ribbon BCP Scope includes:
- Emergency Response, First aid, and Safety and Evacuation plans for employees and visitors.
- Physical Security provision at all facilities
- High Availability Key Network Architecture
- Network infrastructure and cyber security including data privacy and backup/duplication policies
- Software development and support toolsets
- Communications during Business Continuity (BC) events (internal and external)
- Asset inventories and Insurance policies
Roles, Responsibilities and Resource Provision
Ribbon’s Business Continuity Management System and the purpose of the BCP plans are the responsibility of the Senior Director of Global Real Estate and Facilities. Members of the BC Team take action to update the communication plan, organization charts and the BCMS documentation set. Leadership is provided by site and functional primes called the Emergency Management Team (EMT). The EMT performs duties during BCP drills and actual trigger events, and represents the whole Ribbon organization by seeing recovery and restoration actions through to completion.
The BCMS is championed by the Chief Legal Officer (CLO) within the Executive Management Team, who offers business direction, resourcing and objectives to ensure the BC arrangements are in alignment and meet corporate goals.
All Ribbon employees are trained in general BCP awareness. Detailed specific continued operations training is identified and issued to those who require it.
BCMS Documented Process
The BCMS documentation set is updated, at least annually, and when business dictates a requirement to do so, included in this set is:
- Business Continuity Policy with Leadership Signatory
- Management System Overview containing BCMS Scope
- BCMS health reporting via KPIs and the BC Objectives
- BIA (Impact Analysis), Risk Assessments and Appetite for Risk
- Incident Response Structure (complete with ticket-tracking integration)
- The BCP, Disaster Recovery Plans and Training materials
- Schedule for drills, results of drills and other action items history
- Annual management review slides, Minutes and the Corrective Actions Register (via CAR database)
The BMCS delivers vital information which is critical to decision making at Ribbon during a trigger event. Preparedness comes from understanding our business objectives; these tools deliver answers to the pertinent questions, such as:
- What are our key services and products?
- What are the regional and international dependencies to key activities?
- Where can alternative sources of service be located?
Making our employees aware of our BC arrangements reduces anxiety of what might happen to ongoing operations if a site were to be severely impacted by an event. The demonstration of the health of our BCP to our business leaders comes from our drills and training. Annual management reviews allow Ribbon to align on the resourcing required to ensure continuous improvement and the overall health of the BC Plans.
Ribbon Internal Organization
To ensure an internal communication plan remains current and effective, the organizational structure is reviewed directly after any significant internal reorganization activity and during every BC Drill Exercise.
Key Risk Assessments Sources
We take advice from credible sources such as professional organizations and industry leaders to construct the Current Risk Register. Our sources include DR Institute, FEMA, ENHESA, CPNI, UN, WHO, and WE Forum. We consider the locations of our facilities and use historical and current evidence to augment the register of risks considered.
Key Services
The key objective of the BC arrangements is to maintain, where possible, Key Services with minimal disruption. Our Key Services are:
- Customer Support – providing technical support to our customers and their users. Patching and functionality upgrade, network management and Kandy integration.
- 3rd Party Development and Manufacturing – R&D, Supply Chain and Order Fulfilment have regular reviews to ensure that our BC requirements are accommodated by our suppliers as detailed in our contracts with them. Supplier disruption minimization strategies are in place to limit the disruption caused when supply lines fail.
- Software Development and Hardware Research – R&D at one of our four key research sites has been arranged in such a way to ensure duplication across sites of both infrastructure and expertise. This redundancy allows the movement of knowledge to further increase the flexibility of the Ribbon workforce.
- Public Presence – www.rbbn.com is our global window to share information about Ribbon globally including our corporate BC Policy for our stakeholders.
In conclusion, the Ribbon-operated Business Continuity Management System covers all staff and all sites, all products and all operations. It works hard to exercise the BC plans which are generated from all areas of the business. The BCMS aims to identify the risks and the arrangements in place to mitigate those risks. Activities are performed to enhance the robustness of the arrangements for the security of the business and to improve delivery to our stakeholders in times of crisis. Measurements are taken to track the improvements and allow communication of progress to the Executive Management Team.
For more information, please email bcp@rbbn.com or contact your sales lead.