IT Continuity

Protecting critical assets with Business and IT Continuity at BillerudKorsnäs, a world-leading packaging producer

Photo by: Bergslagsbild AB. Copyright BillerudKorsnäs, all rights reserved
  • Background: BillerudKorsnäs is a world-leading supplier of renewable packaging materials and solutions based on wood fibre. Business is highly dependent on around-the-clock stable production at its large-scale production facilities, together with well-functioning customer support systems. Recently, the company identified a need for improved IT continuity to support continued international business growth and effective risk mitigation within the changing IT landscape.

  • Challenge: Help BillerudKorsnäs become more resilient to IT and other disruptions. Educate and train stakeholders to use and implement standardised business continuity tools across the organisation.

  • Solution: A standardised BCM framework and an IT continuity process were developed and implemented as a pilot with key stakeholders – providing them with the tools and skillset to analyse threats and grow BCM and IT continuity capabilities organisation-wide.

  • Benefits: With a centralised BCM framework, the company is more resilient to disruptions while a safer environment for IT continuity is being established organisation-wide. With these processes in place, BillerudKorsnäs can continue to focus on business development during disruptions.

  • Customer: BillerudKorsnäs is a world-leading provider of primary fibre-based packaging materials. With 4,400 employees and production units in Sweden, Finland and the UK, the company serves customers in over 100 countries.

A standard framework for Business Continuity Management

With 20 years of experience in helping organisations to build their organisational resilience capabilities, 4C Strategies was commissioned by BillerudKorsnäs to develop a standardised approach to IT Continuity Management (ITCM) and Business Continuity Management (BCM). BCM was practiced throughout the organisation, using diverse models and processes, but IT dependencies were unclear.

“We have accomplished teams at our facilities and other parts of the organisation that have worked hard to build resilience,” says Sofia Hidén, BillerudKorsnäs’ Environment, Safety and Quality Director (previously Head of Group Risk Management). “As units, they are well prepared for diverse disruptions. However, we wanted to bring in expertise to help us put more focus on IT because so much of our business is dependent on it. We also wanted to ‘connect the dots’ between the different facilities and business units to get a holistic BCM understanding of all the interdependencies.”

“Our assignment was to develop a tailored ITCM methodology, a standardised BCM framework, update existing BCM processes, and train stakeholders on how to best use them,” says Håkan Jidmar, Principal Consultant at 4C Strategies. “By applying standardised continuity frameworks across the organisation, BillerudKorsnäs will be better prepared for any eventuality, both at a micro and macro level.”

Copyright BillerudKorsnäs, all rights reserved
“4C Strategies have provided us with the IT and Business Continuity Management tools and the know-how necessary to move forward and increase our resilience. Thanks to their expertise and support we can act quickly and with confidence to implement the plans and processes necessary to continue to operate and deliver products within acceptable timeframes during a disruption.”
Sofia Hidén, Environment, Safety and Quality Director, BillerudKorsnäs

Piloting business continuity

It was agreed that the quickest and most effective way to approach the assignment was through a pilot project at one of the company’s paper mills. Rather than looking at the entire facility, a key operation was selected that, if disrupted, would have considerable consequences to the business. A new paper machine, which runs 24/7 and measures the entire length of the facility was chosen.

“We chose this paper machine because it’s a high-profile, high-investment asset that must be secured against disruptions,” explains Sofia. “Furthermore, IT permeates so much of production ­– from the supply of water and other raw materials to product quality control – so it provided the ideal pilot to ‘litmus test’ the new continuity methodology. There was also a lot of focus on the machine within the company and the team working with it were eager to get involved.”

Why business and IT continuity?

  • For BillerudKorsnäs customers, it highlights that operations can withstand disruptions and that the company can continue to supply goods.

  • For BillerudKorsnäs suppliers it can mean they must reassess their capabilities to ensure they can withstand disruptions and guarantee the supply of goods/services.

  • For BillerudKorsnäs leadership, it means being able to take better business decisions knowing that the framework and plans are in place to handle disruptions.

IT Continuity methodology

Interviews, workshops, training and a table-top exercise were held with employees from production, IT and the core project team, which included the Risk Manager, Information Manager, IT Continuity Manager and Paper Mill Manager.

“It was an important step for the attendees to collaborate in the context of IT Continuity,” explains Håkan. “This helped them to see the bigger picture and how interdependent the central IT and Production IT roles are. Bringing people together in this way provides an ideal foundation for future cooperation in a crisis. ”

Typically, when developing an IT Continuity methodology, the following steps are covered:

  • Assessment of gaps in IT Continuity
  • IT dependency mapping
  • Risk assessment of critical IT dependencies
  • Review of existing IT contingency plans
  • Development of methodology and disaster recovery plans based on gap analyses
  • Training and education
  • Table top scenario testing
  • Lessons learned and review

Based on this, a new ITCM methodology was developed with defined processes from which vulnerabilities can be identified and continuity plans developed in order to build resilience. This methodology was then implemented throughout the company.

“An effective cyber continuity process not only highlights where the vulnerabilities are and which risks are most critical but also what you can do during an incident and who should be involved. We wanted to know things like which plugs could be pulled, which absolutely could not be, and which had to be in the case of for example, a malicious intrusion attempt. Doing this process together with 4C gave us this level of information in a very structured way.”
Sofia Hidén, Environment, Safety and Quality Director, BillerudKorsnäs

Standardising BCM

In addition to the IT Continuity methodology, a standardised BCM framework was also developed for BillerudKorsnäs based on 4C Strategies’ 6-point model. This is built on the ISO22301 standard but provides a more proactive approach to continuity and resilience with the inclusion of capability building through lessons learnt. It can be tailored to meet the needs of any facility or Business Unit, using different process-based templates. Implementing a structured BCM framework in this way can have an extensive impact on the BillerudKorsnäs eco-system, which brings with it wide-reaching benefits:

  • At an organisational level, BCM processes are supported at different units under one BCM framework for improved resilience and a secure IT environment.
  • At an operational level, the most severe risks can be mitigated based on importance, potential impact and likelihood of occurrence.
  • At a regulatory level, it becomes easier to ensure and prove that facilities follow the framework and meet regulatory requirements.
  • Within production, it supports the stepwise implementation of continuity improvements at multiple facilities.

Engaging senior management

An important part of the assignment included a table top exercise with the BillerudKorsnäs Senior Crisis Management team. Conducting Crisis Management exercises is an engaging way to show stakeholders the critical role that effective BCM and crisis planning plays for an organisation and its eco-system. This typifies how BillerudKorsnäs is investing in BCM for the future – something that will deliver considerable benefits to the organisation moving forwards.

“Business Continuity and Crisis Management have risen up the agendas of boardrooms in recent years as companies see the need to be better prepared for different eventualities,” continues Håkan. “The pandemic has further reinforced the need for resilience as everybody now understands that the unexpected can and will happen.”

“IT Continuity is an intrinsic part of Business Continuity Management. The pandemic has put new demands on IT security, so it’s even more important to assess your vulnerabilities and have a plan for assuring continuity if an intrusion occurs. It’s good business sense.”
Håkan Jidmar, Principal Consultant, 4C Strategies

Conclusion

“4C Strategies have provided us with the IT and Business Continuity Management tools and the knowhow necessary to move forward and increase our resilience. Thanks to their expertise and support we can act quickly and with confidence to implement the plans and processes necessary to continue to operate and deliver products within acceptable timeframes during a disruption.” says Sofia.

“We now know when and where to focus our efforts and who should be involved – meaning we can continue to focus on business development with the peace of mind that operations will be running. Companies that haven’t invested in BCM and IT continuity risk losing focus during a disruption because they move into firefighting mode,” she concludes.

Message sent

Thank you
Your message has been received. We will get back to you as soon as possible.

Thank you!

You are now registered.

Download pack

Photo credits

License

Choose size
  • Original image
  • Large image (2900px)
  • Medium image (1920px)
  • Small image (1024px)
DOWNLOAD

Get in touch

Book a demo

    Solution Areas

    Get in touch

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.

      Message sent

      Thank you
      Your message has been received. We will get back to you as soon as possible.