Industrial Bank of Korea
Client Objectives
- To demonstrate that robust business continuity management is in place and that the bank is ahead of its competitors in implementing best practice.
- To use Business Continuity Management to underpin the requirements of the Korean Financial Supervisory Service’s code against BASEL II, the international banking regulation standard.
- To gain competitive advantage in the marketplace.
- To gain greater confidence to withstand and recover from crises and incidents.
Background
Established in 1961, the Industrial Bank of Korea (IBK) is one of the top five banks in Korea. It mainly provides financial services and expertise to the business community, with an 18% share of the Small and Medium Enterprise (SME) financing market. The headquarters is located in the centre of Seoul and its IT headquarters, which was targeted for BS 25999 certification, is in Yong-In city, 40km from Seoul. The IT centre exclusively provides all IT-related services to all branches, and its back-up office is located in the Seoul headquarters building. The IT network and systems are essential to the bank’s service and operation in order to satisfy customers’ requests. All clients should receive a prompt response to service requests irrespective of any crises or incidents.
Customer Needs
The CIO’s commitment to BCM was the biggest driver for BS 25999 certification, as part of IBK’s long-term business strategy to become a best-in-class banking business. Moreover, since 2003, the Korean Financial Supervisory Service - which regulates and supervises financial institutions - has stipulated that Korean banks need to establish robust BCM practices, including business continuity plans, to meet global requirements such as BASEL II and IFRS. Therefore, IBK had already been active in the BCM area. This led to the drive for early certification to BS 25999 because the bank wanted independent verification for its business continuity management systems to show it was meeting industry best practice. Its CIO was also keen to ensure that the BSI audit would innovate and develop knowledge in BCM for all staff as well as directly related departments.
What was involved?
IBK completed the implementation of a Business Continuity Management System (BCMS) across its entire organisation in July 2007. This meant the bank was on target for going for BS 25999 certification in early 2008. The steps taken towards BS 25999 certification with BSI were as follows:
1. Initial review
Led by the Risk Management Division and the Information Systems Division, and using consultation from PwC, a bank-wide business continuity audit was undertaken using the methodology set down in BS 25999. A gap analysis was done which defined an action plan for system design and strategy.
2. Analysis
A Business Impact Analysis (BIA) and Risk Assessment (RA) were then produced from analysing over 700 work processes, and then identifying and prioritising the critical activities in terms of urgency, interdependency and target recovery times.
3. Management System
The BIA and RA were used to set overall strategy and to frame specific individual Business Continuity Plans (BCPs), creating a core Business Continuity Management System (BCMS). This was embedded through the development of a Continuity Management policy manual, with training documents for each department.
4. Implementation
To accomplish effective BCM implementation, IBK now regularly undertakes reviews of the RA and BIA, and the BS 25999 principles and exercises, and regularly updates the BCMS on organisational and other changes.
5. Assessment
BSI audited and reported on IBK’s initial review and gap analysis, and conducted a final audit upon implementation, leading to the award of certification to BS 25999 in March 2008.
Benefits of certification
Certification serves as a tangible demonstration that best practice has been achieved, leading IBK to gain competitive advantage in the marketplace and to reassure its customers that it is committed to business continuity best practice.
- It has also protected vital assets and built greater confidence to face crises or incidents that could be fatal to the organisation.
- The bank is satisfying Financial Supervisory Service requirements.
- The process has also increased employee engagement, and improved communications around BCM.
BSI's role
States Mr Kwang-Baek Seo, Deputy General Manager, Information Systems Department, IBK: “It was very helpful to us when BSI raised the non-conformities from our initial review and gap analysis. This helped us understand our weaknesses and the problems in our organisation, which led directly to changes to the existing process and strategy, leading to a more effective and robust BCMS. We are now working to further embed the BCMS into our organisational culture, utilising all our staff to enhance our overall BCM.”
Comments Mr YS Choi, BS 25999 product manager for BSI Management Systems Korea: “I recommended that it would be good practice for IBK to apply the BS 25999 standard requirements to IBK’s existing BCM system. IBK’s successful disaster recovery system will be a model for other companies to follow. The strong commitment of its managers to BCM and its robust investment led to this successful BS 25999 certification.”