BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Tenaga Nasional Berhad 199001009294 (200866-W) FOR TNB CONSUMPTION ONLY
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Document Control
1. Procurement Cycle Digitalization (PCD) is platform that facilitates to End to End (E2E) work flow in Procurement & Supply Chain Life Cycle through Digitalization. 2. It is essential for PCD System to ensure continuous support and services to the system users whilst increasing customerssatisfaction and experience. 3. In line with the above aspiration and requirement, as proactive measure, it is crucial of PCD BCP (Business Continuity Plan) document is up-to-date to avoid and mitigate risks associated with service denial to the customer (a disruption of business operations). 3 The objective of this document is to enable prompt, coordinated and effective response and recovery in managing the PCD system crisis to ensure continuity of TNB business operation. Context Objective 1
Contents Common terms and definition Introduction to PCD BCP 4 BCP Material Management BCP Logistics Management BCP Scrap Management BCP Product Inspection Management BCP Sourcing Management 2 Page 3 4 7 15 20 24 30 PCD BCP Project Team 49 1.0 2.0 3.0 4.0 5.0 6.0 7.0 8.0
Terms Definition PCD Procurement Cycle Digitalization Business Continuity Capability of an organization to continue the delivery of products or services within acceptable time frames at predefined capacity during a disruption. [Source: ISO22301] Business Continuity Plan Documented information that guides an organization to respond to a disruption and resume, recover and restore the delivery of products and services consistent with its business continuity objectives. [Source: ISO22301] Maximum Tolerable Period of Disruption (MTPD) Time it would take for adverse impacts, which can arise as a result of not providing a product/service or performing an activity, to become unacceptable. [Source: ISO22301] Example from TNB BCM Corporate: IT System (Tier 0 Criticality) = 48 hours Recovery Time Objective (RTO) Period of time following an incident within which a product and service or an activity is resumed, or resources are recovered [Source: ISO22301] Example from TNB BCM Corporate: IT System (Tier 0 Criticality) = 4 hours Assumption Presumption on any criteria that is accepted as true or as certain to happen, based on past event from internal and/or external sources Common Terms and Definition BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) 3 1.0
Introduction to Procurement Cycle Digitalization BCP ✓ Procurement Cycle Digitalization (PCD) is a platform system that facilitates the End to End (E2E) workflow in Procurement & Supply Chain Life Cycle through Digitalization. PCD can be access through portal or Mobile Apps. • There are six different modules in PCD, which are; • Through Business Impact Analysis (BIA), a Business Continuity Plan (BCP) focusing on PCD is developed to ensure that the business and operations able to continue even when the system is down / unavailable. The main purposes of this BCP are to shorten the period of disruption and minimize the impact of the disruption. Insert icon and description here BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) 4 2.0
Type of Module Event-Based Risk / Scenario (s) Page Number Material Management Unable to posting of any receiving transaction of material 8 Unable to posting of any issuance or crediting transactions 10 Unable to posting of any issuance transaction with incomplete STO 13 Logistic Management Logistics Non STO/ Freight service supply interruption during: i. Prior job request by BU ii. Prior vendor assignment after request by BU iii. After vendor assigned 16 Scrap Management Technical/major interruption on; i. Recycling process ii. Disposal process iii. Collection process 21 Product Inspection Module Supplier unable to apply PI/PDI during PCD system down 25 I-Case created but Work Order cannot be assigned due to PCD down 26 Inspector cannot submit result after completion of PI report 27 Product delivery cannot proceed in PCD (MM Module) during PCD system down 28 RPA does not create Lot number due to: i. Duplicate data in SAP Initial PI date from PO. ii. RPA does not function 29 • The BCP for PCD has been developed based on several event-based risk/scenario(s), as below (1/2): BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) 5
• The BCP for PCD has been developed based on several event-based risk/scenario(s), as below (2/2): Type of Module Event-Based Risk / Scenario (s) Page Number Sourcing Management Business User or P&SC unable to raise Sourcing Request (SR). 32 Unable to proceed with Sourcing Approval (SA) - covers for New Sourcing only. 33 Unable to perform Sourcing Preparation (SP) - covers for New Sourcing with dependencies integration with SCMS. 34 Vendor unable to perform Vendor Submission through PCD and SCMS. 35 Unable to perform Tender Evaluation - covers for New Sourcing with dependencies integration with SCMS System. 36 Unable to enter details of sourcing in PCD and send to PS, TGBS for OA/ PO Creation. 37 BU and P&SC unable to retrieve the data from dashboard and reporting. (e.g., PR/SR list) 38 Failure on memo submission via PCD 40 Failure submission for tender committee approval 41 BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) 6
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Unit: Warehouse Operation Excellence Module: MATERIAL MANAGEMENT Lead by : Muhamad Hazmin Mohamed Hamzah Senior Manager Warehouse Operation ( North) Team members : WOE 1. Loganthiran M Rajan 2. Nurul Fathiah bt. Hassan 3. Muhamad Hazmin Mohamed Hamzah 4. Muhammad Faiz Baharullah 5. Muhamad Hafizul bin Mohd Nasir 7 3.0
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: MATERIAL MANAGEMENT MODULE – MATERIAL DELIVERY No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 1. Unable to posting of any receiving transaction of material MTPD 6 hours Delay and incomplete delivery cost = RM500k • Delay in receiving stock material • Interrupt issuance of material Vendor may need to re-arrange delivery (increase carbon footprint) • Tarnish TNB image and reputation • Customer lodge complaints to authorities and social media Prolong systems unavailable RTO 2 hours Delay and incomplete delivery cost = RM500k Delay in receiving stock material Vendor may need to re-arrange delivery (increase carbon footprint) Customer unhappy with delay of service delivery Temporary systems unavailable Continuity Strategy / Plan Pre-Event During Event Post Event 1. Liaise and maintain with ICT on the platform for backup data storage (i.e., cloud base & template) & auto-system to regularized document in PCD (PIC – PCD Rangers, ICT) 2. To have activation from higher level management via online platform/email on BCP execution (PIC – WOE SM Region) 3. Engage with ICT for official announcement/notification from operational level regarding PCD’s issues (PIC - DIPE) 4. Establish manual record update template/platform and ensure it is available and up to date (PIC – WH WE) 1. Inform relevant vendor/BE on the PCD system interruption (PIC – WH Operation) 2. Arrange vendors’ appointment on material receiving via email/phone (WH/RL) 3. To carry out inspection & defect through manual forms (PIC – WH Operation) 4. Good Receive (GR) transactions to be done through ERMS only (marked WOE in GR) (PIC – WH Operation) 5. Communicate regularly with ICT/DIPE/Support Vendor on PCD system recovery status (MM TEAM) 6. Gather information and communicate with GCC / Careline for any negative media sentiment, if required (PIC – KASE/DIPE) 1. Ensure all transactions during event are properly recorded in ERMS (PIC – WH Operation) 2. Liaise with ICT and ensure all open cases in MD Module is completed in PCD (PIC – PCD Rangers) 3. Engage with ICT on PCD regularization (auto-extract) (PIC – ICT/ PCD Rangers) 4. Conduct post-mortem, document and share lesson learnt (ALL) 5. Implement improvements based on post-mortem (RELEVANT UNIT) Dependencies Assumption (s) Internal External 1. TNB ICT 2. Group Corporate Communication (GCC) 3. TNB Careline 4. PTD – Monitor/revise delivery requirement 5. SCCT – set transportation if required 6. BU – to be informed on changes due to system interruption 7. TNB Labs – check on QI module 8. DIPE – interact with ICT to get system back online ASAP 1. Vendor / Supplier 1. Disruptions in PCD system delays on providing material for power supply 2. Due to PCD interruption, delivery of critical material impacted based on sample for rearrangement of delivery of 10,000 m Cable XLPE 1Core 500MMP @ RM500k. This will lead to other planned activities interrupted 8
WORKFLOW OF GOODS RECEIPT PROCESS FOR MATERIAL DELIVERY (MANUAL PROCESS) 9
BUSINESS IMPACT ANALYSIS ( BIA) FOR PCD MODULE: MATERIAL MANAGEMENT MODULE – MATERIAL COLLECTION & RETURN Continuity Strategy / Plan Pre Event During Event Post Event 1. Liaise and maintain with ICT on the platform for backup data storage (i.e., cloud base & template) & auto-system to regularized document in PCD (PIC – PCD Rangers, ICT) 2. To have activation from higher level management via online platform/email on BCP execution (PIC – WOE SM Region) 3. Engage with ICT for official announcement/notification from operational level regarding PCD’s issues (PIC - DIPE) 4. Establish manual record update template/platform and ensure it is available and up to date (PIC – WH WE) 1. Planned activities (Material & Breakdown Issuance or credit) to be done manually via ERMS (marked WOE in GI / GR) (PIC – WH Operation) 2. Carry out ERMS transactions requirement (i.e., picking list, vendor verification & PO, email from BU, sign specimens, outage ticket, PTW, credit note, official letter/memo) (PIC – WH Operation) 3. Arrange appointment of BU/KKB via email (PIC – WH Operation) 4. Acknowledge endorsement from BU’s higher-level management for impromptu collection (PIC – WH Operation) 5. Communicate/seek advice from Finance/Legal on any related finance/legal matters (e.g., fine, penalty, etc.) (PIC - PLA) 6. Gather information and communicate with GCC / Careline for any negative media sentiment, if required (PIC – KASE / DIPE) 1. Ensure all transactions during event are properly recorded in ERMS (PIC – WH Operation) 2. Liaise with ICT and ensure all open cases in MC & MR Module is completed in PCD (PIC – PCD Rangers) 3. Engage with ICT on PCD regularization (auto-extract) (PIC – ICT / PCD Rangers) 4. Conduct post-mortem, document and share lesson learnt (ALL) 5. Implement improvements based on post-mortem (RELEVANT UNIT) Dependencies Assumption (s) Internal External 1. Group Corporate Communication (GCC) 2. TNB Careline 3. TNB Finance 4. TNB Legal 5. BU 6. PTD – check / revise material allocation to BU 7. SCCT – prepare transportation whenever required 1. Vendor / KKB 2. SCCT Vendor 1. Disruptions in PCD system delays on providing material for power supply 2. Issuance of 10,000 m Cable XLPE 1Core 500MMP @ RM500k No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 2. Unable to posting of any issuance or crediting transactions MTPD 6 hours • Cost for incomplete collection process & could not capitalize material = RM500k • Equipment failure cost = RM 500k • DOE fine cost = RM500k TOTAL = RM 1.5Million • Delayed in issuing / crediting of Stock Material • Improper management of SW material/scrap • Possible DoE fine or 2 years prison • Exposure to sudden equipment failure • Tarnish TNB image and reputation • Customer lodge complaints to authorities and social media Prolong systems unavailable RTO 2 hours Cost for incomplete collection process & could not capitalize material = RM500k • Delay in solving/close any breakdown • Interruption credit activity Delay of work completion at site Customer not satisfied Temporary systems unavailable 10
WORKFLOW OF GOODS RETURN PROCESS FOR MATERIAL RETURN (MANUAL PROCESS) 11
WORKFLOW OF GOODS ISSUE PROCESS FOR MATERIAL COLLECTION (MANUAL PROCESS) 12
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: MATERIAL MANAGEMENT MODULE – MATERIAL COLLECTION - STO Continuity Strategy / Plan Pre Event During Event Post Event 1. Establish clear roles & responsibility within all parties involved (PIC - PTD, IMSM, WOE, BU) 2. Identify ERMS transactions requirement when MC & MR Module/system down i.e., GDN, GI & GR slip, Gate Pass (PIC – WH WE / WH Operation) 3. Liaise and maintain with ICT on the platform for backup data storage (i.e., cloud base & template) & auto-system to regularized document in PCD (PIC - DIPE) 1. For STO Created and pending Goods Issue (GI); Perform GI direct through ERMS and fill up related documents i.e., manual form (WOE) 2. For STO Created and pending Goods Receipt (GR); Perform GI direct through ERMS and fill up related documents i.e., manual form (WOE) 3. Coordinate SCCT Vendor’s appointment via email - copy picking list (PIC – PTD / WH Operation) 4. Scan related document for future reference (PIC – WH Operation) 5. For pending STO creation; Notify WOE & SCCT on manually STO created (DCC) 1. Ensure all transactions during event are properly recorded in ERMS (PIC – WH Operation) 2. Liaise with ICT and ensure all open cases in MC Module (with MCS) is completed in PCD (PIC – PCD Rangers) 3. Engage with ICT on PCD regularization (autoextract) (PIC – ICT / PCD Rangers) 4. Conduct post-mortem, document and share lesson learnt (ALL) 5. Implement improvements based on post-mortem (RELEVANT UNIT) Dependencies Assumption (s) Internal External 1. PTD (DCC) – monitor / revise STO plan 2. SCCT – Preparation of transport requirement 3. BU 1. Vendor / KKB 2. SCCT Vendor 1. Disruptionsin PCD system delays on providing material for power supply 2. Transferring of 10,000 m Cable XLPE 1Core 500MMP @ RM500k from store A to store B No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 3. Unable to posting of any issuance transaction with incomplete STO MTPD 6 hours • Equipment replacement cost = RM 500k • Delay and incomplete delivery cost = RM500k TOTAL = RM 1mil • Delayed in issuing of Stock Material • Delay in completing work at site • Exposure to sudden equipment failure • Jeopardize installation at site • Tarnish TNB image and reputation • Customer lodge complaints to authorities and social media Prolong systems unavailable RTO 2 hours Delay and incomplete delivery cost = RM500k Delay in solving/close any breakdown Jeopardize installation at site Customer not satisfied Temporary systems unavailable 13
WORKFLOW OF GOODS RECEIPT & GOODS ISSUE PROCESS FOR MATERIAL COLLECTION - STO (MANUAL PROCESS) Delivery Command Center (DCC) Reservation Inquiry Form GI STO – Movement Type 351 GR – Movement Type 101 – PO No Serialized Movement Type 105 – PO Serialized 14
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Unit: Supply Chain Control Tower Module: Logistics Management Lead by : Muhammad Nasyahrul b. Mohame Manager ( Logistics & Freight Management) Team members: SCCT 1. Nur Afifah bt. Basri 2. Nur Aqilah bt. Mohd Saeri 3. Ahmad Eizzat Bin Hj Azelan 15 4.0
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: LOGISTICS MANAGEMENT (SCCT) No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 1. Logistics Non STO/ Freightservice supply interruption during: i. Prior job request by BU ii. Prior vendor assignment after request by BU iii. After vendor assigned MTPD 6 hours Minimal impact on financial • Logistics Non STO/ Freight service delay/ operational disruption • SLA non-compliance/ breach No HSE noncompliance issue i.e., No penalty Minimal impact on image or reputation Prolong systems unavailable (ERMS) RTO 2 hours Minimal impact on financial Minimal impact on Logistics Non STO/Freight service delay/ operational disruption No HSE noncompliance issue i.e., No penalty No impact on image or reputation Temporary systems unavailable (ERMS) Continuity Strategy Pre-Event During Event Post Event 1. Ensure BCP for Logistics Non STO & Freight are in placed – Secondary process/ mitigation plan (manual process/ arrangement) according to scenario . i.e., document review/manual review, training for staff, drill ) (Logistics & Freight Section Manager) 2. Monitor system performance/ daily Logistics & Freight operation (Logistics & Freight Section PIC) 1. Activate/ implement BCP depending on scenario during the crisis (refer Logistics Manual process) (Logistics & Freight Section Manager) 2. Ensure all activities/data that were done manually being recorded during event (Logistics & Freight Section PIC) 3. Regular communication with BU through email/WhatsApp (Logistics & Freight Section PIC) 4. Regular communication with ICT/DIPE/support Vendor on PCD system recovery status (LOGISTIC) 5. Ensure Service SLA compliance at all time (Logistics & Freight Section PIC) 1. Liaise with ICT on recovery/ restoration of missing processes/ data in PCD during system failure/ downtime, if necessary (LOGISTIC) 2. Review secondary process/ mitigation plan, if required (LOGISTIC) 3. Conduct post-mortem to identify improvement (ALL) 4. Conduct post-mortem, document and share lesson learnt (ALL) 5. Implement improvements based on post-mortem (RELEVANT UNIT) Dependencies Assumption Internal External 1. Relevant BEs 2. TNB ICT – BPM/PCD 3. DIPE – PCD Support Team/ WSL 4. TGBS SSD 1. Vendors – Transportation/ MTO Panels 2. PCD’s Vendor Disruptions in PCD system delays on providing services on logistics management to Business Users 16
For Internal Use Only Roles Input Process Output Process No.: 4.5.2 Revision No.: Version 1.0 Process Name: Logistics Planning-NON STO Revision Date: 25 September 2018 Prepared By: Ruqayyah Alwi Reviewed By: Muhammad Faiz Baharullah Approved By: Nor Aishah Zainal Logistics Technician / Logistics Clerk Logistics Senior Manager Logistics Executive Received request for transportation. Cargo Am (form Arahan Pengangkutan (AP) ) Logistics Manager Job execute and supervise by user Create PR (ERMS) Division/ Requestor Request for transportation Cargo AM PSS 10 working Days Select transporter from Panel List Release PR (ERMS) 3.1.4 Generate & approve PO (Manual) 3.1.5 Generate & approve PO (Auto) END Site Visit upon request Setting site visit with user & vendor to ensure the right equipment will be use Sending transport information to user Received Delivery Order from vendor signing by user respective Logistic Admin Create Sales Order (SO) (ERMS) Vendor Service Acceptance Completing WBCS TECO Auto Billing Accept SE (e-invoice) YES NO Perform Service Entry (SE) via e-invoice Workorder charged accordingly LMS will be use after 2019 WORKFLOW OF LOGISTICS PLANNING –NON STO ( MANUAL PROCESS) 17
For Internal Use Only Roles Input Process Output Process No.: 4.5.1 Revision No.: Version 1.0 Process Name: Logistics Planning for STO Revision Date: 25 September 2018 Prepared By: Ruqayyah Alwi Reviewed By: Muhammad Faiz Baharullah Approved By: Nor Aishah Zainal Logistics Manager RPA Logistics Senior Manager Logistics Executive Logistics Clerk 3PL Transporter DCC 10 working Days Warehouse Storekeeper & Logistics Rep. Sending STO Warehouse Storekeeper (Receiving STO) DCC order management for Logistics Planning STO Logistics generated Planning route & suggest load Create PR & Release P R Create & Release PO Download planning from shared drive Finalize load, route planning & loading list Select & Notify Transporter Upload planning to server Transport arrive & loading. Prepare GDN Perform delivery Received GDN Received material Verify GDN & GR Material Notification END Service Entry Service Acceptance Process will be use on 2019 WORKFLOW OF LOGISTICS PLANNING – STO ( MANUAL PROCESS) 18
For Internal Use Only Roles Process Input Process No.: 4.6.1 Revision No.: Version 2.0 Process Name: Freight Management – Air, Sea & Inland Transport Revision Date: 30 July 2017 Prepared By: Muhammad Nasyahrul Bin Mohamed Kassim Reviewed By: Mohd Salehuddin bin Ibrahim Approved By: Nor Aishah binti Zainal Freight Operation Chief Clerk Freight Operation Executive Received request for freight service [Freight Service Request Form (RF)] and Shipping Documents [Commercial Invoice & packing List (CI & P L)] Freight Manager Create PR Freight Operation Clerk MTO selection based on rotation / award Received overseas agent details and forward to div. /subsidiary Received vessel/ flight schedule and other coordination work between div. /subsidiary & supplier Custom Mgmt Executive Freight Senior Manager Initiate online payment (duty import/GST) to Custom (FSPG) Online verification for import duty/GST payment Release PR Endorse payment (duty import/GST) to Custom through online (FSPG) Process online payment (duty import/GST) to custom Received delivery notification to final destination and inform div. / subsidiary accordingly QM/GM Warehouse & Logistic Management Division/ Subsidiary Submit request Procurement Shared Services Executive Approve payment (duty import/GST) to Custom (FSPG) (By Sea – 45 days) (By Air – 14 days) (Inland – 7 days) Check whether shipping docs/ info is sufficient Issue Shipping Instruction (SI) to selected / awarded MTO 3.1.4 Generate & approve PO (Manual) 3.1.5 Generate & approve PO (Auto) Received draft Custom Form 1 (K1 Form) to be verified / to prepare Bank Guarantee / to provide Tax Exemption Approval Received registered K1 form for import duty/GST payment Perform (TECO) Auto Billing Perform Service Acceptance Perform SE Receive PO and process invoice MTO END Output Receive charging through ERMS WORKFLOW OF FREIGHT MANAGEMENT ( MANUAL PROCESS) 19
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Unit : Warehouse Operation Excellence Module: Scrap Management Lead by : En Mohd Nazri Mohamad Yusoff Senior Manager ( Scrap & Scheduled Waste Management) Team members: SSWM 1. Amir Helmy B. Yusof 2. Zaini Sadari 3. Mohd Saiful bin Baharom 4. Mohd Hafizi bin Yusof @ Abd Talib 20 5.0
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SCRAP MANAGEMENT No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Crisis Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 1. Technical/major interruption on; i. Recycling process ii. Disposal process iii. Collection process *Offer letter to vendors for sale/disposal of scraps MTPD 5 days • Revenue loss = RM500k • Compound fee = RM100k • Cleaning cost = RM 200k TOTAL – RM 300k • Disruption of BU crediting of excess item/used material to stores due to space constraint • Unable to sell scrap • Potential legal implication i.e., compound from DOE on Storage of SW > 20MT/180 days • Possible environmental pollution within compound Minimal impact on image or reputation with high potential for recovery Prolong systems unavailable (ERMS) RTO 3 days Revenue loss = RM300k • Temporary disruption of BU crediting of excess material • Unable to sell scrap Possible breach of threshold on max SW storage capacity>20MT or 180 days Minimal impact on image or reputation with high potential for recovery Temporary systems unavailable (ERMS) Continuity Strategy Pre-Crisis During Crisis Post Crisis 1. Ensure manual process for offer to sale/disposal of scrap up to date (Manager SSWM-WOE) 2. Execute sale/disposal of scrap and SW promptly (SSWMWOE) 3. Monitor the storage capacity with preliminary capping of 14MT of SW storage as unhealthy indicator for immediate action (SSWM-WOE) 4. Ensure vendors’ contact details for scheduled waste (SW) cleaning available and up to date (Manager SSWM-WOE) 1. Activate manual process for offer to sale/disposal of scrap to appointed vendors (Manager SSWM -WOE) 2. Communicate with vendor closely to ensure timely payment and collection are made for each transaction (Manager SSWM-WOE) 3. Coordinate vendor for SW cleaning and seek TNB HSE advices, if required (Manager SSWM-WOE) 4. Communicate/seek advice from Finance/Legal on any related finance/legal matters (e.g., fine, penalty, etc.) (Manager SSWMWOE) 5. Regular communication with ICT/DIPE/support Vendor on PCD system recovery status (SSWM-WOE) 1. Conduct post-mortem on selling of scraps/SW volumes (ALL) 2. Prepare report on the overall manual transactions (Manager SSWM-WOE) Dependencies Assumption Internal External 1. Business Units 2. TNB HSE 3. TNB ICT 1. DOE -Kementerian Alam Sekitar dan Air (KASA) 2. KETSA – Kementerian Tenaga dan Sumber Asli • Disruption of PCD system will have minimal impact on sale and disposal of scrap/SW due to the fact that manual process can be executed during the absence of PCD system. • Business units involved = Grid & DN • Estimated revenue loss per day = RM100k 21
22
SAMPLE DOCUMENT : MANUAL OFFER LETTER TO SCRAP VENDOR 23
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Unit : Plan to Deliver Module: PRODUCT INSPECTION MODULE Lead by : Azrina Othman Team members: PTD 1. Abdul Azim Shafi b. Rushdi 2. Muhammad Ridhwan b. Mohd Kamal 3. Muhammad Faqih b. Othman 4. Ir. Ts. Nurhisyam b. Mohamed Mustafa 5. Raja Muhammad Daniel b. Raja Ahmad Tajuddin 6. Wan Nur Adibah Binti Wan Ahmad 7. Anandy A/P K Gnanapragasam 8. Mohamad Syafiq B. Zainal Abidin (TNB Labs) 24 6.0
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: PIM MODULE No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 1. Supplier unable to apply PI/PDI during PCD down MTPD 24 hours Minimal impact on financial* Material unavailability causing; • Delay on delivery time • Delay on project completion No HSE noncompliance N/A Minimal impact on system security RTO 4 Hours Minimal impact on financial* Material unavailability causing: • Minimal delay on delivery time (within requirement) • Minimal delay on project commissioning No HSE noncompliance N/A Minimal impact on system security Continuity Strategy / Plan Pre-Event During Event Post Event 1. Plan and conduct drill involving scenario where supplier unable to apply PI/PDI due to overall PCD system failure (DIPE & QAQC) 2. Develop and ensure manual excel template of PI/PDI application is available (DIPE & QAQC) Note: To be given when supplier report PCD down via SSD 3. Establish process flow for overall PCD BCP (DIPE) 4. Engage and brief supplier on how to apply PI/PDI when BCP is activated (QAQC) 1. Monitor and check email from supplier regularly when BCP is activated (QAQC) 2. Create Lot Number manually to be used during delivery, i.e., RR Module (QAQC). 3. Submit PI/PDI application in Excel form to TNB LABS coordinator (QAQC). 4. Create work order manually, with assigned inspector (TNB Lab coordinator). 5. Conduct PI/PDI on agreed date and prepare the PI Report (Inspectors). 6. Ensure material is delivered to warehouse based on manual process (QAQC and Warehouse Rep) 1. Liaise with ICT on recovery/ restoration of missing processes/ data in PCD during system failure/ downtime, if necessary (LOGISTIC/PCD Superuser). Dependencies Assumption (s) Internal External 1. ICT 2. TNB LABS 3. DIPE 1. Supplier / Vendor 1. Record for manual to be kept outside PCD if the process inspection done manually at first stage (manual lot number creation). 2. Calculation of LAD : 0.15% of the Contract Price* (Maximum is 15% of the Contract Price) 25
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: PIM MODULE No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 2. I-Case created but Work Order cannot be assigned due to PCD down MTPD 24 hours Minimal impact on financial* Material unavailability causing; • Delay on delivery time • Delay on project completion No HSE noncompliance N/A Minimal impact on system security RTO 4 Hours Minimal impact on financial* Material unavailability causing: • Minimal delay on delivery time (within requirement) • Minimal delay on project commissioning No HSE noncompliance N/A Minimal impact on system security Continuity Strategy / Plan Pre-Event During Event Post Event 1. Plan and conduct drill involving scenario where I-Case created but Work Order cannot be assigned due to overall PCD system failure (DIPE & QAQC) 2. Establish process flow for overall PCD BCP (DIPE) 1. Create work order manually, with assigned inspector (TNB Lab coordinator). 2. Conduct PI/PDI on agreed date and prepare the PI Report (Inspectors). 1. Conduct post-mortem, document and share lesson learnt (ALL) 2. Propose approved resource needed to expedite recovery (Taskforce) Dependencies Assumption (s) Internal External 1. TNB LABS 2. ICT 3. DIPE 1. Vendor / Supplier 1. Calculation of LAD : 0.15% of the Contract Price* (Maximum is 15% of the Contract Price) 26
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 3. Inspector cannot submit result after completion of PI report MTPD 24 hours Minimal impact on financial* Material unavailability causing; • Delay on delivery time • Delay on project completion No HSE noncompliance N/A Minimal impact on system security RTO 4 Hours Minimal impact on financial* Material unavailability causing: • Minimal delay on delivery time (within requirement) • Minimal delay on project commissioning No HSE noncompliance N/A Minimal impact on system security Continuity Strategy / Plan Pre-Event During Event Post Event 1. Plan and conduct drill involving scenario where Inspector cannot submit result after completion of PI report due to overall PCD system failure (DIPE & QAQC) 2. Establish process flow for overall PCD BCP (DIPE) 1. Prepare and submit PI/PDI report to TNB LABS coordinator PTD coordinator via email (Inspectors). 2. Ensure vendor submit serialized number to TNB LABS coordinator using Excel template (TNB Lab Coordinator). 3. Perform RR and inform vendor of RR status as completed (TNB Lab Coordinator). 1. Conduct post-mortem, document and share lesson learnt (ALL) 2. Propose approved resource needed to expedite recovery (Taskforce) Dependencies Assumption (s) Internal External 1. TNB LABS 2. ICT 3. DIPE 1. Vendor / Supplier 1. Calculation of LAD : 0.15% of the Contract Price* (Maximum is 15% of the Contract Price) BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: PIM MODULE 27
Continuity Strategy / Plan Pre-Event During Event Post Event 1. Plan and conduct drill involving scenario where product delivery cannot proceed in PCD (MM Module) due to overall PCD system failure (DIPE & QAQC) 2. Establish process flow for overall PCD BCP (DIPE) 1. Engage supplier to perform request delivery via email to Warehouse storekeeper including full documentation such as RR status (DIPE & QAQC) 1. Conduct post-mortem, document and share lesson learnt (ALL) 2. Propose approved resource needed to expedite recovery (Taskforce) Dependencies Assumption (s) Internal External 1. Warehouse Storekeeper 2. DIPE 1. Vendor / Supplier 1. Calculation of LAD : 0.15% of the Contract Price* (Maximum is 15% of the Contract Price) No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 4. Product delivery cannot proceed in PCD (MM Module) during PCD down MTPD 24 hours Minimal impact on financial* Material unavailability causing; • Delay on delivery time • Delay on project completion No HSE noncompliance N/A Minimal impact on system security RTO 4 Hours Minimal impact on financial* Material unavailability causing: • Minimal delay on delivery time (within requirement) • Minimal delay on project commissioning No HSE noncompliance N/A Minimal impact on system security BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: PIM MODULE 28
Continuity Strategy / Plan Pre-Event During Event Post Event 1. Monitor absence of notification via email regularly (QAQC) 2. Educate vendor to check on existing PI request (QAQC) 3. Educate vendor to request for module if deleted during PCD maintenance (QAQC) 1. Create manual lot number through ERMS (QAQC) 2. Report issue to ICT through MySSC (QAQC) 1. Conduct post-mortem, document and share lesson learnt (ALL) Dependencies Assumption (s) Internal External 1. ICT 2. TNB LABS 3. DIPE 1. Supplier/Vendor 1. Calculation of LAD : 0.15% of the Contract Price* (Maximum is 15% of the Contract Price) No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 5. RPA does not create Lot number due to: i. Duplicate data in SAP Initial PI date from PO. ii. RPA does not function MTPD 24 hours Minimal impact on financial* Material unavailability causing; • Delay on delivery time • Delay on project completion No HSE noncompliance N/A Minimal impact on system security RTO 4 Hours Minimal impact on financial* Material unavailability causing: • Minimal delay on delivery time (within requirement) • Minimal delay on project commissioning No HSE noncompliance N/A Minimal impact on system security BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: PIM MODULE 29
BUSINESS CONTINUITY PLAN (BCP) FOR PROCUREMENT CYCLE DIGITALIZATION (PCD) Group : Sourcing Management KASE & CATEX Module: Sourcing Management 30 7.0
BCP team members: Category Owner (CATEX) • 1. Maizatul Nadzeera bt. Ridwan • 2. Noraishah Binti Mohd Rosdi • 3. Sharidatul Husna binti Hamidon • 4. Amir Zaki b. Azhar • 5. Mohd Shaufiq bin Rosli • 6. Khairul Faizal b. Nordin • 7. Farhah Nur Munirah bt Fazil CSMI (CATEX) • 1. Mohd Izzad bin Ahmad Zabidi • 2. Nor Suzalwani Sulaiman • 3. Ruqayyah binti Alwi GCTS 1. Ahmad Murshid bin Musa, Ts. 2. Shahrul Noor Jihan bt Maidin KASE (TM) 1. Noor Azawati Mohd 2. Sabeena Mohd Yusoof 3. Raja Iskandar Bin Raja Idris KASE (KAM) 1. Raja Zirwatul Aiffa Raja Ibrahim 2. Indra Wadevelo 31
BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 1. Business User or P&SC unable to raise Sourcing Request (SR). MTPD >24 hours 1. High utilization of CAPEX and OPEX resulted to EBIT loss = RM 500k 2. Penalty fee = RM 500k TOTAL = RM 1mil 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. 1. PCD integration with ERMS malfunction might cause data error. RTO <24 hours 1. Minimal utilization of CAPEX and OPEX resulted to EBIT loss = RM 500k 2. Penalty fee = RM 500k TOTAL = RM 1 mil 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. 1. PCD integration with ERMS malfunction might cause data error. Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to BU and P&SC Staffs (KASE & CATEX). 2. Prepare war room and communication plan to activate BCP e.g., announcement to BU & P&SC (DIPE, KASE & CATEX). 3. Establish group to assign SR manually to Lead and personnel to execute based on type, purchasing org/ group and value (KASE & CATEX) 1. Blast communication for system offline (DIPE) 2. Prepare SR submission through MySSC/ Online Form with group email for BU support and queries (DIPE) 3. Manual recording to prevent data loss/ missing (KASE & CATEX) Scenario: ERMS system is live: - a) PR creation for POWC will be done in ERMS. b) SR submission manually using MySSC/ Online Form with PDF attached. 1. Liaise with ICT to transfer details of SR data into PCD system and assign Lead and PIC (DIPE, KASE & CATEX) 2. Request tender data tab using MySSC to be able to update SR to awarded when completed (KASE & CATEX) Dependencies Assumption (s) Internal External 1. Business Unit 2. KASE (Unplanned) 3. CATEX (Planned, Post Award) 4. DIPE 5. ICT N/A 1. For POWC, it is highly dependent on ERMS system. ERMS system is assumed to be able to recover within MTPD for BCP to be successful or else POWC cannot be executed. 2. SR covers for New Sourcing, Post Award, PUCC and IA with dependencies integration with ERMS (POWC). 32
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 2. Unable to proceed with Sourcing Approval (SA) - covers for New Sourcing only. MTPD >24 hours 1. High utilization of CAPEX and OPEX resulted to EBIT loss = RM 500k 2. Penalty fee = RM 500k TOTAL = RM 1 mil 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. N/A RTO <24 hours 1. Minimal utilization of CAPEX and OPEX resulted to EBIT loss = RM 500k 2. Penalty fee = RM 500k TOTAL = RM 1mil 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. N/A Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to P&SC Staffs (CATEX, KASE & DIPE) 2. Establish process and requirement for the preparation of document of Sourcing Approval Process through offline method (CATEX, KASE) 3. Prepare war room and communication plan to activate BCP e.g., announcement to P&SC (DIPE, CATEX & KASE) 1. Blast communication for system offline (DIPE) 2. Manual recording to prevent data loss/ missing (KASE & CATEX) 3. Proceed with offline method for Sourcing Approval (KASE & CATEX) 4. Proceed with offline method for next steps (not using PCD) (KASE & CATEX): - • Tender floatation directly in SCMS. • Evaluate manual tender • Prepare manual memo • Offline tender sitting and approval. • OA/ PO request through MySSC. 1. Request tender data tab using MySSC to be able to update SR to awarded when completed (KASE & CATEX) Dependencies Assumption (s) Internal External 1. KASE 2. CATEX 3. DIPE 4. ICT N/A N/A BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 33
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 3. Unable to perform Sourcing Preparation (SP) - covers for New Sourcing with dependencies integration with SCMS. MTPD >24 hours 1. High utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. 1. PCD integration with SCMS malfunction might cause data error. RTO <24 hours 1. Minimal utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. 1. PCD integration with SCMS malfunction might cause data error. Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to BU and P&SC Staffs (CATEX, KASE & DIPE) 2. Establish process and requirement for the preparation of of document for Offline Tender Process (CATEX, KASE) 3. Prepare war room and communication plan to activate BCP e.g., announcement to P&SC (CATEX, KASE & DIPE) 4. Ensure established offline tender method is relevant and up-to-date to current SCMS process. 1. Blast communication for system offline (DIPE) 2. Manual recording to prevent data loss/ missing (KASE & CATEX) Scenario 1: SCMS system is live (KASE & CATEX) a) Proceed with tender floatation directly in SCMS. b) Evaluate manual tender c) Prepare manual memo d) Offline tender sitting and approval. e) OA/ PO request through MySSC. Scenario 2: SCMS system malfunction (system down) (KASE & CATEX) a) Proceed with offline tender (using established method, i.e., manual printed documents). 1. Request tender data tab using MySSC to be able to update SR to awarded when completed (KASE & CATEX) Dependencies Assumption (s) Internal External 1. KASE 3.DIPE 2. CATEX 4. ICT 1. Vendor/ Supplier N/A BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 34
Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to ICT, SSD TGBS and P&SC Staffs (CATEX, KASE & DIPE) 2. Prepare guidelines to vendor on offline vendor and document submission (DIPE) 3. Identify / ensure support channel is available (DIPE) 4. Prepare war room and communication plan to activate BCP e.g., announcement to P&SC (CATEX, KASE & DIPE) 1. Blast communication for system offline (DIPE) 2. Activate support channel during BCP activation (DIPE & ICT) 3. Manual recording to prevent data loss/ missing (CATEX, KASE) Scenario 1: SCMS system is live (CATEX, KASE) a) If system recovers before tender closing, submission can be done online. b) If system unable to recover before tender closing, submission cannot be done online. c) For both situations, perform addendum to extend tender from PCD and SCMS when systems recover. Scenario 2: SCMS system malfunction (system down) (CATEX, KASE) a) Proceed with offline tender submission (using established method). 1. Liaise with ICT to transfer details of vendor submission data into PCD system (DIPE) Dependencies Assumption (s) Internal External 1. KASE 2. CATEX 3. DIPE 4. ICT 5. SSD, TGBS 1. Vendor/ Supplier N/A No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 4. Vendor unable to perform Vendor Submission through PCD and SCMS. MTPD >24 hours Increase of works/ services/ material price based on current market price 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. 1. PCD integration with SCMS malfunction might cause data error. RTO <24 hours Increase of works/ services/ material price based on current market price 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. 1. PCD integration with SCMS malfunction might cause data error. BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 35
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 5. Unable to perform Tender Evaluation - covers for New Sourcing with dependencies integration with SCMS System. MTPD >24 hours 1. High utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Noncompliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. 1. PCD integration with other systems ERMS and SCMS malfunction might cause data error. RTO <24 hours 1. Minimal utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Noncompliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. 1. PCD integration with other systems ERMS and SCMS malfunction might cause data error. Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to P&SC Staffs (CATEX, KASE & DIPE) 2. Prepare guidelines on offline tender evaluation process (CATEX, KASE & DIPE) 3. Prepare war room and communication plan to activate BCP e.g announcement to P&SC (CATEX, KASE & DIPE) 1. Blast communication for system offline (DIPE) 2. Manual recording to prevent data loss/ missing (CATEX, KASE) Scenario 1: SCMS system is live (CATEX, KASE) a) Monitor documents submission by vendor through SCMS. b) Conduct online evaluation when system recovers. c) If system offline prolonged, evaluation steps and onwards can be done through offline method. Scenario 2: SCMS system malfunction (system down) (CATEX, KASE) a) Proceed with offline evaluation. Retrieval of document can be requested to ICT. b) Evaluation steps and onwards can be done through offline method. Request tender data tab using MySSC to be able to update SR to awarded when completed (CATEX, KASE) Dependencies Assumption (s) Internal External 1. KASE 2. CATEX 3. BU 4. DIPE 5. ICT N/A N/A BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 36
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 6. Unable to enter details of sourcing in PCD and send to PS, TGBS for OA/ PO Creation. MTPD >24 hours 1. High utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish P&SC & ICT image and reputation 2. Low CSI/ SLA score. 1. PCD integration with other systems ERMS and SCMS malfunction might cause data error. RTO <24 hours 1. Minimal utilization of CAPEX and OPEX resulted to EBIT loss 2. Penalty based rules and regulations 1. Works/ services/ material award delayed. 2. TNB’s operational/ critical functions delayed 1. Non-compliance to HSE requirements. 1. Tarnish TNB image and reputation 2. Low CSI/ SLA score. 1. PCD integration with other systems ERMS and SCMS malfunction might cause data error. Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct awareness/briefing on BCP Plan to PS, TGBS and P&SC Staffs (CATEX, KASE & DIPE) 2. Prepare guidelines requesting OA/PO through MySSC (DIPE) 3. Prepare war room and communication plan to activate BCP e.g announcement to P&SC (CATEX, KASE & DIPE) 1. Blast communication for system offline (DIPE) 2. Manual recording to prevent data loss/ missing (CATEX, KASE) 3. Create MySSC ticket with details of awarded PR/ Contract to PS, TGBS (CATEX, KASE) 1. Liaise with PS, TGBS and ensure OA/PO number is updated in PCD (CATEX, KASE & DIPE) Dependencies Assumption (s) Internal External 1. KASE 2. CATEX 3. DIPE 4. PS, TGBS 5. ICT N/A N/A BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 37
No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 7. BU and P&SC unable to retrieve the data from dashboard and reporting. (e.g., PR/SR list) MTPD >48 hours No direct impact. No direct impact. No direct impact. Delay in SLA Report. N/A RTO <48 hours No direct impact. No direct impact. No direct impact. Delay in SLA Report. N/A Continuity Strategy / Plan Pre-Event During Event Post Event 1. Conduct/awareness briefing on BCP Plan to BU and P&SC Staffs (CATEX, KASE & DIPE) 2. Prepare communication plan to activate BCP e.g., announcement to P&SC (DIPE) 1. Blast communication for system offline (DIPE) 2. Manual recording to prevent data loss/ missing (CATEX, KASE) 1. Request ICT to retrieve data from backend (CATEX, KASE & DIPE) Dependencies Assumption (s) Internal External 1. KASE 2. CATEX 3. DIPE 4. ICT N/A N/A BUSINESS CONTINUITY PLAN (BCP) FOR PCD MODULE: SOURCING 38
BUSINESS IMPACT ANALYSIS (BIA) AND BUSINESS CONTINUITY PLAN FOR PCD Module: SOURCING – TENDER SECRETARIAT Team Members: 1. AHMAD MURSHID MUSA 2. SHAHRUL NOOR JIHAN MAIDIN SCENARIO # FAILURE ON MEMO SUBMISSION VIA PCD SCENARIO # FAILURE SUBMISSION FOR TENDER COMMITTEE APPROVAL 39
BUSINESS IMPACT ANALYSIS ( BIA) PCD MODULE: XXXXXXX MODULE No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 8. Failure on memo submission to TSPIC via PCD for tender committee physical sitting. - Within stipulated period (before tender committee sitting – DTC, PSCTC- 3 Days, GMTC – 7 Days) - A) CMPIC created memo failed to submit to TSPIC – CMPIC to take action - B) Memo submitted to TSPIC and failed to perform next process. MTPD *Maximum Tolerable Period of Disruption (days/ hours) 24 hours 1. Increase manhour cost 2. Increase facilities cost 1. Approval & delivery process can be delayed. 2. Procurement Lead Time. 3. Insufficient time preparation to organize sitting. NA 1. Permanent losses in image & reputation due to long procurement process. 2. Lack of SLA achievements and target. 3. Unplanned and lack of organized process. Prolong systems unavailable (downtime) RTO *Recovery Time Objective (days/hours) < 24 hours 1. Increase manhour cost 2. Increase facilities cost 1. Approval & delivery process can be delayed. 2. Procurement Lead Time. NA Minimal impact on image or reputation Temporary systems unavailable (downtime) Continuity Strategy / Plan Pre Activity During Activity Post Activity 1. CMPIC Immediately report the incident through mySSC and inform TSPIC 2. TSPIC to get endorsement from Tender Committee’s Chairman to start with BCP. 3. Activate manual process of memo submission, memo checking, preparation of meeting agenda, upload memo in server/TNB cloud/ convene or any relevant platform. 4. Active notification via email/whatsApp for tender committee sitting & CMPIC 1. TSPIC to activate manual process for tender committee sitting/circulation and action sheet issuances. 2. TSPIC to activate online conference / meeting platform. 3. TSPIC to notify memo creator to provide relevant documents such as Form A, Form B And Form C. 4. TSPIC to activate manual submission of action sheet to PSS, TGBS for contract documentation. 1. Gathered post-mortem from administrator (e.g. assessment, system & report). 2. Administrator to provide platform for regularization process. 3. CMPIC To regularize memo data entry for memo submitted via PCD before crashed. 4. TSPIC to regularize action sheet update into PCD after system recovery 5. Administrator to inform on system recovery status to respective users. Dependencies Assumption Internal External 1. Initiator (CATEX, KASE) 2. TNB Business Unit 3. Procurement Services, TGBS 4. Tender Committee Members 5. ICT NA 1. Disruption on PCD system will impact on memo submission, approval process and delays the award process accordingly. 2. Procurement Leadtime can not be met. 3. Service Level Agreement(SLA) timeline exceeded. 40
BUSINESS IMPACT ANALYSIS ( BIA) PCD MODULE: XXXXXXX MODULE No Event-Based Risk / Scenario (s) MTPD & RTO (Days/ Hours) Scenario Impact Financial / Commercial Operational Health, Safety & Environment Reputation IT/OT System Security / Availability / Reliability 9. Failure on memo submission by TSPIC to tender committee for online approval via PCD MTPD *Maximum Tolerable Period of Disruption (days/ hours) 24 hours 1. Increase manhour cost 2. Increase facilities cost 1. Approval & delivery process can be delayed. 2. Procurement Lead Time. 3. Insufficient time preparation to organize sitting. NA 1. Permanent losses in image & reputation due to long procurement process. 2. Lack of SLA achievements and target. 3. Unplanned and lack of organized process. Prolong systems unavailable (downtime) RTO *Recovery Time Objective (days/hours) < 24 hours 1. Increase manhour cost 2. Increase facilities cost 1. Approval & delivery process can be delayed. 2. Procurement Lead Time. NA Minimal impact on image or reputation Temporary systems unavailable (downtime) Continuity Strategy / Plan Pre Activity During Activity Post Activity 1. TSPIC identify that next process for tender committee approval failed. 2. Immediately report the incident through mySSC by TSPIC. 3. Active manual process – To download memorandum paper and organize tender committee sitting. 4. Seek consent from chairman of tender committee for manual sitting/circulation. 5. Active notification via email/whatsApp for tender committee sitting & CMPIC 1. TSPIC to activate manual process for tender committee sitting/circulation and action sheet issuances. 2. TSPIC to activate online conference / meeting platform. 3. TSPIC to notify memo creator to provide relevant documents such as Form A, Form B And Form C. 4. TSPIC to activate manual submission of action sheet to PSS, TGBS for contract documentation. 1. Gathered post-mortem from administrator (e.g. assessment, system & report). 2. Relevant parties to approve resources needed to expedite recovery, if any 3. Administrator to provide platform for regularization process 4. TSPIC to regularize action sheet update into PCD after system recovery. 5. Administrator to inform on system recovery status to respective users Dependencies Assumption Internal External 1. Initiator (CATEX, KASE) 2. TNB Business Unit 3. Tender Committee Members 4. Procurement Services, TGBS 5. ICT NA 1. Disruption on PCD system will impact on approval process and delays the award process accordingly. 2. Procurement Leadtime can not be met. 3. Service Level Agreement (SLA) timeline exceeded. 41
WORKFLOW OF TENDER SECRETARIAT PROCESS (NORMAL PROCESS) 42
WORKFLOW OF TENDER SECRETARIAT PROCESS - BCP FOR S1 & S2 S1 S2 S1= Scenario 1, S2= Scenario 2 43
WORKFLOW OF TENDER SECRETARIAT PROCESS FOR GMTC (NORMAL PROCESS) S1= Scenario 1, S2= Scenario 2 44
WORKFLOW OF TENDER SECRETARIAT PROCESS FOR GMTC - BCP FOR S1 & S2 S1 S2 S1= Scenario 1, S2= Scenario 2 45
WORK INSTRUCTION OF TENDER SECRETARIAT PROCESS 46
RELEVANT DOCUMENTS FOR MANUAL PROCESS FORM A – Form for Award FORM B – Form for Supplementary 47
RELEVANT DOCUMENTS FOR MANUAL PROCESS FORM C – Form for PUCC 48