BUSINESS CONTINUITY MANAGEMENT (standard ISO 22301)

BUSINESS CONTINUITY MANAGEMENT (standard ISO 22301)

POLICY

Business ContinuityManagement (standard ISO 22301)

 

Dear Customer,

Dear Collaborator,

Dear Supplier,

Dear Business Partner,

Dear Consortium Member,

 

We have built our success by ensuring our customers continuity in the services provided. This also in times of greatest difficulty, coping with crisis situations that have impacted entire geographical areas.

Maintaining and developing our business continuity is essential for us. We therefore ask the same commitment to all our stakeholders (suppliers, collaborators, business partners, consortium members, investee and associated companies).

 

Ourbusiness  context

We are a joint stock cooperative consortium (our business name). Our consortium members (shareholders) are represented by micro and small medium enterprises, each of which represents a Subject Matter Expert.

Our mission is to provide professional services to businesses (consultancy, training, audit and business assurance). We support our customers in the delicate task of ensuring compliance of their business with mandatory and regulatory, technical, contractual and internal requirements.

The needs of our customers include the business continuity of the services provided to them and the resilience and availability of the information that we can process on their behalf. In particular, larger customers or those operating in sensitive industries ask us for a systematic and structured approach to business continuity.

 

Our commitment for business continuity

By this policy we are committed to adopting and incorporating the following principles of business continuity into our business model, processes and services provided by us:

  1. Resilience of our ability to provide services in the face of disruptiveincidents (including general crisis or emergency situations) that can lead to the interruption of the provision of these services. The business continuity requirement is therefore an integral part of our quality policy in compliance with the ISO 9001 standard. This policy is available on our website minervagroupservice.com
  2. Resilience of our ability to process personal data in accordance with the requirements of the GDPR. The requirement of business continuity is therefore also an integral part of our policy for the protection of personal data in accordance with the GDPR. This policy is available on our website minervagroupservice.com
  3. Resilience of our ability to protect information security in accordance with the requirements of the ISO 27001 standard. The resilience requirement is therefore also an integral part of our information security policy in accordance with the ISO 27001 standard. This policy is available on the our website www.minervagroupservice.com

We adopt a business continuity policy. This policy is communicated to all our stakeholders and is available on our website www.minervagroupservice.com

 

OurBusiness Continuiy Objectives

Our commitment

We are committed to pursuing business continuity objectives in a systematic and planned way. These objectives may include:

  1. Minimum business continuity objectives (MBCO): minimum level of services and / or products acceptable for the organization to achieve its business objectives during an interruption
  2. Maximum acceptable interruption objectives (MAO): time taken by negative impacts, which could arise due to failure to supply a product / supply of a service or performance of an activity, to become intolerable
  3. Objectives of maximum tolerable period of interruption (MTPD): time taken by negative impacts, which could arise due to failure to supply a product / supply of a service or performance of an activity, to become intolerable
  4. Recovery point objectives (RPO): point where information used by an activity must be recovered to allow the activity to recover
  5. Recovery Time Objective (RTO): period of time, after an accident, within which the product or service must be restored, or the activity must be restored, or resources must be recovered;

Control objectives

In order to pursue our business continuity objectives, we plan and pursue specific operational control objectives for the treatment of business continuity risks. These objectives are recalled by the business continuity pines and include:

  1. business continuity objectives for critical assets for the provision of our services, including goods and services supplied;
  2. business continuity objectives for critical processes for the provision of our services;
  3. business continuity objectives for the services provided to our customers, possibly broken down by individual customer or type of customer.

 

Our Business Continuity Management System

In order to pursue our business continuity objectives, we have adopted a business continuity management system compliant with the ISO 22301 standard.

Our Business Continuity Management System has been integrated into the more general corporate management system and has been planned in order to consider aspects of Governance and Internal Control System, Risk Management aspects (with reference to the guidelines of the ISO 31000 standard) and Compliance aspects (with reference to the guidelines of the ISO 19600 standard).

We are committed to adapting and continuously improving our Business Continuity Management System and to make aware and train our stakeholders on its correct application.

Our contact channels

For any report of opportunities for vulnerability, threat,  improvement, non-compliance you can contact our Business Continuity  Manager at the following email address: PMO@minervagroupservice.it

 

Minerva Group Service