CSR

CORPORATE SOCIAL RESPONSIBILITYBusiness Continuity Management System(BCMS)

BCP Framework

SK hynix maintains and manages ISO 22301 Certification on Business Continuity Management, and pursues maximization of business continuity through augmentation of operational performance.

Analysis

Monitoring

SK hynix monitors changes in SK hynix’s Business Environment that may affect our business continuity. The monitoring targets are factors that may cause possible business disruptions.

RA (Risk Assessment)

SK hynix performs periodic assessments (at least annually) of various risks that may lead to business disruptions. The risks are identified through research and information gathered from various sources such as NFPA, EM-DAT, FEMA, NEMA (Korea National Emergency Management Agency), Framework Act on Disaster Management Safety, Countermeasures against Natural Disaster ACT., ISO 22301 requirements, and etc. SK hynix has identified 46 Business Risks and selected major risks to be addressed through our Business Continuity Plans.

BIA (Business Impact Analysis)

SK hynix performs periodic BIAs; SK hynix estimates the Business Impact of an outage of critical processes and implements appropriate actions to manage risks. Through qualitative/quantitative analysis of impacts that affect our business, MTPD, RTO, and MBCO are determined and resources required for recovery are identified.

MTPD (Maximum Tolerable Period of Disruption)

MTPD is the maximum level of timeframe that company can tolerate in the event of disruption. In order to estimate the impact from disruption, SK hynix has taken major financial factors into account and determined MTPDs per each unit processes.

Impact from decrease in Sales(Sales per product)→ Inventory Level(Days in Inventory) → Tolerable Level(Cash and Cash Equiv.) → MTPD

RTO (Recovery Time Objective)

The target time period to recover the critical processes of the company; SK hynix has determined the objective time period within tolerable amount of impact and losses through quantitative/qualitative assessments.

MBCO (Minimum Business Continuity Objective)

MBCO is set by senior management, which is the minimum business continuity level (based on production capacity) within recovery time objective. BCP strategy and resources are formulated to achieve this objective.

Prepare

SK hynix sets BCP strategies necessary for business recovery based on the processes and resources identified during the ‘Analysis (Risk Assessment & Business Impact Analysis)’ phase. BCP strategies include equipment/utility recovery, procurement, human resource management, back-up workspace, and etc..

Planning

The Business Continuity Plans of SK hynix are defined into three tiers – Corporate/Site/Team (Department) Levels. Each plans specify pre-defined procedures describing immediate responses and recoveries to react upon business disruptions caused by accidents/disasters. Each plans are periodically updated based on the results of internal review, test, and exercise results.

  • Corporate

    Corporate level plan refers to Business Continuity Management System (BCMS) policy and procedures that provide principles and standards on Business Continuity Management System (BCMS), organization, activities and execution.

  • Site

    Site level plans define roles, responsibilities, and recovery procedures that the command center and each recovery units should act upon.

  • Team(Department)

    Team (Department) level plans define roles, responsibilities, and recovery procedures that each teams under recovery units should act upon.

Test

Each teams at SK hynix has designated plan owners who review and test their plans to scrutinize the effectiveness, appropriateness, and efficiency of each plans.
Exercises are periodically performed to test the plans, encourage business continuity culture, and to fix clear roles and responsibilities of individuals under disasters/accidents. Through exercises, each teams (departments) and individuals familiarize with the procedures defined in the plans, and test the effectiveness to improve the plans.
The results of tests and exercises are escalated up to senior management for final review to ensure Business Continuity management and the plans are sound, and continuously updated.

Business Continuity Management Team

Business Continuity Management Team in normal state of business

The Business Continuity Management Team under normal business operation perform maintenance and improvements of SK hynix BCP. The organization monitors BCP operations of each teams (departments), review and improve the Business Continuity Plans through coordination with relevant business units.

The role of Business Continuity Management Team under normal business operation are as follows:

  • Risk Assessment and Scenario Development
  • Business Impact Analysis
  • Review, Development and update of BCP Strategies and BC Plans, Review by Senior Management, Education, Exercises, Monitoring, Assessment and Reporting.

Business Continuity Management Team after BCP Activation

When BC Plans are activated due to disaster/accidents, the BCP Command Center and Recovery units are summoned based on the emergency contact lists. The Recovery units then execute recovery procedures under Command Center’s leadership.

Roles of BCP Units

BCP Units Role Definition
BCP Committee Make decisions based on damage reports, and decide upon the policies and plans for corporate-wide emergency response, disaster and business recoveries.
BCP Commend Center Monitor the crisis and recovery status of the affected site, and summarize critical facts that may impact our business to report on decision making issues to the BCP Committee.
Coordinate with each recovery centers to share timely information and quickly deliver issues to the BCP Committee.
Disaster Recovery Center Execute and conduct overall emergency response, damage assessment, recovery plans, prevention of recurrence.
Disaster Recovery Support Center Provide assistance to the affected site in terms of human/physical resource to facilitate the overall recovery process.
Business Recovery Center Set up a Contingency Business (Production/Sales) Plan through optimized allocation of resources.
Execute Contingency management to recover normal state of business.
Crisis Communication Center Maintain credibility from stakeholders through strategic and proactive communication and response to requests.

Exercises

SK hynix puts its best efforts to maintain effectiveness of the emergency response and recovery processes through periodic corporate-wide exercises.

BCP exercises reviews response and recovery procedures and the relevant plans under assumption of possible disruptions. Through the exercises, the effectiveness and appropriateness of BCP activation procedure, and each tasks to be performed by relevant teams are tested. Through such process we ensure the practicality of the BCP execution.

  • About 50 people, including CEO Sung-Wook Park, attended the event.

  • Performed the 2nd simulation training for the BCP project.

  • Verified effectiveness of the BCP system and supplemented the system enterprise-wide.

  • Performed the simulation training enterprise-wide to verify effectiveness of the BCP system.

Activation Procedure

Immediately after a disaster/accident, ESH leads the emergency evacuation and responses, and personnel with expertise in each equipment/utility perform damage assessment.
Based on the damage assessment reports, BCP activation is decided by the senior management, and the plans are executed.

ISO 22301

Acquired ISO 22301 certification.

SK hynix has acquired Certification on Business Continuity Management based on the requirements stated by ISO 22301, as of 11. Jan, 2015. ISO 22301 is an international standard regarding Business Continuity Management, put into effect by the International Standard Organization in May, 2012.
The standard outlines the recommended requirements that business should possess in order to recover its core operations during a disaster/accident.
SK hynix has set up a foundation for a resilient business, being prepared to recover its production, human resources, and infrastructure within a time objective, based on the business continuity plans.