Business Continuity Management
Recognizing the importance of ensuring business continuity, the company Smooth Drug Development has committed to the creation, maintenance and continuous improvement of business continuity management system.
The system is based on the requirements and recommendations of ISO 22301 "Societal security – Business continuity management systems – Requirements" and takes into account the company's activities, competitive and regulatory environment, as reflected in the relevant sections of the company's regulations.
Development, implementation, maintenance and improvement of the system is one of the main priorities of the company's management.
The aim is to ensure implementation of the system processes:
- Actively improve the stability of the organization, ensure the stability of its ability to achieve its goals.
- Provide exhaust method of restoring an organization's ability to deliver main services at the basic level within the agreed time after the occurrence of an incident.
- Provide a verified organization's ability to manage incidents and protect its business reputation, competitiveness and brand.
The expected results of implementation of the system are:
- Identification, protection against negative impacts and ensure a continuous supply of basic services.
- The ability to manage the incident, sufficient to provide an effective response in a particular situation.
- Developing, documenting and understanding of the organization of internal relations and relations with other organizations, legislative and governmental bodies, local authorities and emergency services.
- Training implementation of an effective response in the event of an incident.
- Understanding and establishing the requirements of the parties involved.
- Providing staff with the necessary support and tools for information exchange in the event of incidents and violations of organization.
- Additional protection organization of the supply chain.
- Additional protection of the reputation of the organization.
- Integrity of the organization when performing mandatory and legal requirements.
System structure:
- Business Continuity Policy – sets out the general provisions, the philosophy, objectives, scope, structure and principles of implementation of the system in the company.
- Coordination Council – a group of officials of the organization, authorized and responsible for the development, implementation and monitoring to ensure the continuity of programs and plans of activities, as well as the initiation of work in the event of emergencies and crises and the direct co-ordination of work in the process of recovery after the incident.
- Business Continuity Program – defines the requirements for business continuity, provides an analysis of external and internal influences, risk assessment, competence assurance program, training and implementation of the company culture, the list of agreements with third parties for the purpose of business continuity.
- Incident management plans and business recovery – describe the measures aimed at maintaining business continuity, responsible persons and procedures in the event of threats.
- Training plans – contain a schedule and program of exercises, as well as records about their conduct.
- Plans for the application of self-esteem, support, analysis and improvement of the system.
The company has been ISO 22301 certified since 2017. Compliance with the requirements of ISO 22301:2019 "Business Continuity Management Systems" is confirmed by the international company G-CERTI.
Comparison of business continuity management systems
System elements | Minimal system | Smooth Drug Development BCMS |
Systems backup | ✔ | ✔ |
Incident management plans | ✔ | ✔ |
Data backup | ✔ | ✔ |
Analysis of the impact of incidents on business processes | ✖ | ✔ |
Risks and opportunity assessment | ✖ | ✔ |
Risk mitigation plans | ✖ | ✔ |
Defining of the minimum acceptable level of operations | ✖ | ✔ |
Determining the timing of recovery after incidents | ✖ | ✔ |
Regular self-analysis of the system and measures to improve | ✖ | ✔ |
Training of employees, conduct of exercises to eliminate incidents | ✖ | ✔ |