Sanctioned interpretations IATF 16949 - 6.1.2.3 Contingency plans

The organization shall:

a) – b) (…)

c) prepare contingency plans for continuity of supply in the event of any of the following: key equipment failures (also see Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; fire; utility interruptions; cyber-attacks on information technology systems; labor shortages; or infrastructure disruptions;

The rationale for the change:

Organizations need to address the possibility of a cyber-attack that could disable the organization's manufacturing and logistics operations, including ransom-ware. Organizations need to ensure they are prepared in case of a cyber-attack.

a) – d) (…)

e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate); cybersecurity testing may include a simulation of a cyber-attack, regular monitoring for specific threats, identification of dependencies, and prioritization of vulnerabilities. The testing is appropriate to the risk of associated customer disruption; Note: cybersecurity testing may be managed internally by the organization or subcontracted as appropriate

The rationale for the change:

Cybersecurity is a growing risk to manufacturing sustainability in all manufacturing facilities, including automotive. Contingency testing has also been identified by organizations and CBs as an area in need of clarification. This update provides details of what is to be tested as part of a cyber-attack contingency plan validation.

KEY POINTS: Internal and external risks; Contingency according to customer impact; Effective Contingency Plan; Test and review the Contingency Plan; Multidisciplinary approach with Top Management; Annual revision; Natural Disasters (Disruptions from suppliers, Fire, Labour Shortages, Infrastructure disruptions); Key Equipment Failure (Robots, Assembly lines, IT Equipment for Production Line and Office, Software, Cyber-attack).

COVID-19

The spread of the coronavirus is a threat to our business activity, and there is an evident risk of a possible lack of personnel, so we should consider it convenient to update the Risk Analysis Template and the Contingency Plan to include it.

If you want training and even advice to implement the IATF 16949 standard in your company, please contact our team of ISO Consultants by visiting the website: www.xavierhernandezconsulting.com.
