Business Continuity

Definition and management of Business policy for the Continuity
ISO 22301:2019

Try KRC

System Management

1. Context Definition

It defines the business policy of Business Continuity, the scope of application, expectations of stakeholders, roles, responsibilities and delegations and competences. It also defines the processes, both own and in out sourcing, and the related responsibilities.

2. Objectives

Allows to manage the entire management cycle of the objectives from the definition of the program, the feasibility analysis of the single objective, the assignment and management of the activities, the frequency and the relative responsibility, the schedule with notification of warning and alert, the upload of the documentation, the closure and the final balance, is input to the Review. Enables management of approval and information workflows.

3. Operational Controls

Allows to manage the entire management cycle from the identification, planning and analysis and assessment of controls according to the procedure / operational instruction, the assignment and management of activities, frequency and related responsibility, the schedule with notification of notice and alert, registration of the accomplishment (register), the upload of documentation, the closure and the final balance, the input to the Review.

4. Business Impact Analysis (BIA)

It defines the priorities and the requirements of business continuity, the process of analyzing the activities and the effects that an interruption could have on them and allows setting priorities for the recovery of critical processes by defining the Maximum Tolerable Period of Disruption (MTPD). The Threat Analysis, on the other hand, promotes the understanding of the risks related to critical processes, their dependencies and the potential consequences in case of interruption. These activities form the basis on which - in the planning stage - the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) are defined, and on which the strategies and tactics of business continuity and threat mitigation measures are selected.

5. Business Continuity Plan

Definition of roles and responsibilities, purpose, objectives, activation criteria and procedures, communication, timing, procedures for testing and simulating crisis cases, plan formalization.

6. Investigation of Near-Events, Events, NC Management

Allows management of the entire integrated management cycle of events and nearmisses (HSEQ, Energy, Safety Information etc) from reporting and validation, uploading of documentation, management of immediate treatment, classification of NC, root cause analysis, the planning and management of CAPA, the closure and the final balance, the input to the Review. Enables management of approval and information workflows.

7. Audit

Allows the management of the entire audit process from the definition of the annual audit program in the different areas, quality, environment, health and safety, energy, etc., to the generation of individual plans for the definition of the agenda of activities and points of the standard that will be investigated, through the appropriate check-lists, during the execution, of the objective evidence, the preparation of the report of the results and the list of NC/OSS and related CAPA. The integration is implemented with the management flow of the NC/OSS and the CAPA and with the Review and with the Human Resources database regarding roles, tasks, legal titles and personal data.

8. Communication

Enables targeted management of the communication and information process to both internal and external stakeholders.

9. Review

Identification and evaluation of indicators of effectiveness and efficiency of controls, framework of effectiveness of the management system.

 

Other Processes

Training It manages from the identification and analysis of individual and collective needs, to the verification of the effectiveness of the activity carried out by tracing the process on the training booklet of the resource.
Changes Management The Change Management flow manages the entire process from the change request to the planning and management of change activities. Enables management of approval and information workflows. Different types of documents are managed both with external documents uploading and as documents generated by the Platform.
Check-List Management Allows the creation of the master check list for use, for example in audits, maintenance cards, operational checks.

 

Integration

Integrated Areas and Flows

The processes of Audit, Targets, Operational Controls, Event Management and Non-Conformity and Re-examination are managed in integrated flows for the different Management Systems: Environment, Health and Safety, Quality, Energy, Privacy, Information Security, Anti-corr​uption, Social Responsibility.

Human Resources Area

  • Registry File Management: allows you to manage the integration between the corporate HR Database and the KRC HR Database. It allows the production of personal data sheets: it associates the job, the qualifications and the legal and corporate titles; it composes the training booklet from the training flow, the risk assessment form from the risk assessment flow, the health protocol from the health surveillance flow, the PPE per task and distributed by the PPE flow.
  • Organization charts: allows you to produce the corporate and legal organization chart.
  • Roles and Responsibilities: allows the Job Description to be produced with regard to activities and responsibilities from the Procedures and Instructions Management flow.  

Flow Norms and Laws for the Management of Legal Prescriptions

It allows to produce the regulatory framework, the systematization of the provisions contained in the provisions and to assess the legislative compliance by identifying methods of verification and control and those responsible. It generates the regulatory schedule with the sending of prescription notifications to the managers. The rules and laws and the provisions relating to the risk element will be displayed in the risk and environmental aspects forms.

Norms and Laws update service

KEISDATA provides the supply with a fortnightly update of the rules and laws characterized by Scope, Thematic, Sub-topic, Topic and Element of risk with relative upload of the legislative document. Generates the regulatory schedule with notifications to managers.

Autohorization management flow

It allows you to manage authorization from identification to assigning responsibilities. Create the authorization framework, manage the related activities and create the authorization register. Generates the schedule with notification of notice and registration of the successful completion with upload of the documentation.