Business Continuity Management
Recognizing the importance of ensuring business continuity, the company Smooth Drug Development has committed to the creation, maintenance and continuous improvement of business continuity management system.
The system is based on the requirements and recommendations of ISO 22301 "Societal security – Business continuity management systems – Requirements" and takes into account the company's activities, competitive and regulatory environment, as reflected in the relevant sections of the company's regulations.
Development, implementation, maintenance and improvement of the system is one of the main priorities of the company's management.
The BCM system is implemented to ensure processes that:
• Effectively improve company resilience and ensure stability in achieving primary goals.
• Ensure a well-established approach for restoring company’s ability to provide principal services to the established level and within the agreed recovery time after failures in operations.
• Ensure a verified ability of the company to manage functional disruptions and protect business, reputation, competitiveness and brand.
• Reduce risks of company’s business disruption.
Implementation of the BCM system is expected to result in:
• Understanding and establishing requirements of the stakeholders.
• Identification, protection against negative consequences, and continuous provision of principal services.
• Establishing the company’s risk appetite.
• Sufficient ability to control an incident for ensuring effective countermeasures in a specific situation.
• Development, documentation and understanding of internal relationship and relationship with other companies, respective legislative and government bodies, local authorities and emergency services.
• Training of the staff members in effective countermeasures in case of an incident or operational disruption.
• Providing the staff members with necessary support and information exchange tools in case of any incidents or failures in operations.
• Additional protection for company’s supply chain.
• Additional protection for company’s reputation.
• Maintaining resilience when performing mandatory and legal requirements.
Elements of the BCM system are:
• This BCM policy which defines general provisions, philosophy, purposes, scope, structure, and principles for BCM system implementation. BCM policy is to be approved by the CEO.
• BCM Coordination Council, which consists of a group of corporate officers who are authorized and responsible for developing, implementing, and monitoring business continuity programs and plans as well as initiating actions in case of any accidents and crises and direct coordination of actions during the process of recovery after an incident. The BCM Coordination Council is to be approved by the CEO.
• The BCM program (POL_QD_02 “Business Continuity Management Program”) which defines requirements to business continuity, contains analysis of internal and external impacts, risk assessment, programs for competence assurance, training and BCM integration in the corporate culture, list of third-party agreements for the purpose of business continuity. The BCM program is to be approved by the CEO.
• Incident management and business recovery plans (IN_POL_QD_02 “Incident Management and Business Recovery Plan (CEO)”, IN_POL_QD_03 “Incident Management and Business Recovery Plan (IT)”, IN_POL_QD_04 “Incident Management and Business Recovery Plan (AD)”, IN_POL_QD_05 “Incident Management and Business Recovery Plan (CO)”) which contain description of measures to facilitate business continuity, designated persons, and action plan in case of any threats. List of plans is to be approved by the BCM Coordination Council. Plans are to be approved and implemented by the Heads of respective divisions.
• Training plans for incidents which contain a schedule, a training program and training reports. Plans are to be approved and carried out by the Heads of respective divisions.
The company has been ISO 22301 certified since 2017. Compliance with the requirements of ISO 22301:2019 "Business Continuity Management Systems" is confirmed by the international company G-CERTI.
Comparison of business continuity management systems
| System elements | Minimal system | Smooth Drug Development BCMS |
| Systems backup | ✔ | ✔ |
| Incident management plans | ✔ | ✔ |
| Data backup | ✔ | ✔ |
| Analysis of the impact of incidents on business processes | ✖ | ✔ |
| Risks and opportunity assessment | ✖ | ✔ |
| Risk mitigation plans | ✖ | ✔ |
| Defining of the minimum acceptable level of operations | ✖ | ✔ |
| Determining the timing of recovery after incidents | ✖ | ✔ |
| Regular self-analysis of the system and measures to improve | ✖ | ✔ |
| Training of employees, conduct of exercises to eliminate incidents | ✖ | ✔ |