Business Continuity Management The dynamic management of risk and opportunity is at the heart of our business planning and value creation processes. We have established a business continuity management system ensuring Netcompany-Intrasoft’s business continuity capabilities and the recovery of services in case of disruption. To tackle significant risks that may occur due to potential business continuity disruptions, we set up a dedicated business continuity management team in 2021 to ensure the highest quality supervision and maintenance of our business continuity management system. The team defines and coordinates mitigation actions to ensure business continuity, including establishing and activating business continuity plans, and coordinating employees, suppliers and clients. Our business continuity and disaster recovery policies formalise the business continuity programme of our Company, providing processes and guidelines for designing, maintaining and implementing business continuity plans to ensure uninterrupted operation of business activities.
We review Netcompany-Intrasoft’s enterprise risks on an annual basis. Our business continuity management system is certified according to the leading international standard ISO 22301:2019 requirements. The system is established in such a way that enables us to operate with high resilience, improve recovery times, effectively handle disasters and keep our critical operations and functions up and running during a period of crisis. We use the processes of the business continuity management system to continuously improve, monitor our performance risk encounters and take proactive actions to minimise the impact of such risks.
Our business continuity management team has identified the following five priority areas:
In the context of the current pandemic, safeguarding our employees’ health and safety is the highest priority. Our approach to eliminate our people’s exposure to risk is at the hear of our business, underpinning everything we do to support their well-being. We have established our Occupational Health and Safety (OH&S) Management System that is certified according to the leading international standard ISO 45001:2018 requirements. It has helped us to ensure the provision of safe and healthy workplaces, act proactively to improve the wellness of our people, eliminate any hazards and minimise potential risks.
Moreover, to align with the provisions of psychosocial risk prevention from a global occupational health perspective, in-house proactive measures are designed to address psychosocial, environmental and technological parameters pertaining to the best possible set-up of the workplace.
Climate change and natural disasters
Natural disasters will always be at the forefront of our agenda, given the dramatic climate change events that have taken place during the last decade. Having the utmost support from our environmental, health & safety management systems, our mitigation actions focus on reinforcing business continuity in such cases. Risks arising from earthquakes, floods, snow, fire and other extreme natural events are mitigated by specific countermeasures related to reinforcement of the infrastructures of our data centres and office buildings to withstand such extreme situations. In this context, we implement appropriate technical and organisational measures to ensure a level of resilience and security appropriate to the climate and natural disasters, such as potential network disruptions, including investments made in IT infrastructure.
Quality of services
Delays, shortages and unsatisfactory levels of services may adversely affect our clients, impact the client relationship and result in a negative reputation. In these changing times, it is of utmost importance that business continuity is maintained to secure our operations and services for clients and keep delivering quality projects. Recognising this, we have become ISO 9001:2015 Quality Management Systems certified to demonstrate and reinforce the significance and presence of quality of services throughout our business operation.
Furthermore, we avidly try to avoid “single point of failure” situations by planning our continuity and succession, and by ensuring that our teams can work even if we lose key contributors. In this way, we build enough resilience in our Company in unexpected circumstances, thus ensuring continuous quality, agility and availability of the services that we provide.
Privacy and security
Netcompany-Intrasoft operates in compliance with regulation that protects personal data and the privacy of our clients in the digital world. We are committed to minimising the risks related to information assets by establishing and continuously improving our Information Security Management System, certified according to the leading international standard ISO 27001:2013. We are dedicated to ensuring that our market conditions dictate the responsible use and handling of all sensitive information for products and provided services, personal and client data. Information security has been integrated into all aspects of our activities to guarantee the confidentiality, availability and integrity of all information technology assets that we hold, including information and data entrusted to us by our clients and partners.
That is why we are taking all appropriate steps and controls to protect the personal data we process, as well as to ensure that their processing is always carried out in accordance with the obligations laid down by the applicable legal framework, both by us and by the third parties that process personal data on our behalf. We process the personal data of data subjects in accordance with national laws applicable to our establishments, as well as with the European Regulation 2016/679 on the protection of individuals with regard to the processing of their personal data and on the free movement of such data (General Data Protection Regulation – EU GDPR) in force.
We always strive to execute our operations by taking into strong consideration various financial parameters and criteria, such as market trends, credit risk and financial performance, so as to ensure the effective risk management of our critical suppliers, partners and customers. Additionally, we place emphasis on adequate cashflow management across all our related legal entities to strengthen our credit profile and to safeguard our financial resilience.
Risk Management and Adequate Internal Controls
To identify, assess, mitigate and monitor risks, we apply our Enterprise Risk Management (ERM) policy, a combination of structured and consistent risk assessment processes that secures our commitment to implementing effective risk management. The purpose of the ERM policy is to provide guidance regarding the management of risks in supporting the achievement of corporate objectives, protecting staff and business assets, and ensuring financial sustainability. The ERM policy ensures the context is in place in line with corporate governance best practices to identify and assess negative and/or positive risks while determining effective negative risk reduction and/or positive risk utilisation activities. The context comprises both external elements, including regulatory environment, market conditions, stakeholder expectations and internal elements referring to the Company’s governance, culture, standards and rules, existing contracts and information systems, among others. This enables us to perform our risk management activities efficiently and effectively at an enterprise level, in addition to a project level. In line with ERM best practices, our risk management activities focus on keeping risk exposure within an acceptable range in alignment with our risk appetite framework while seeking to decrease the probability of negative risks, or threats, and increasing the probability of positive risks, or opportunities. Evaluating the effectiveness of our risk processes, assessing the performance of our risk management activities and introducing process improvements to reduce exposure to negative risk factors that may jeopardise the financial soundness of Netcompany-Intrasoft’s operations constitute key risk management activities.
Our risk assessments are conducted systematically and collaboratively, drawing upon the knowledge and views of stakeholders using the best available information, supplemented by further enquiry as necessary.
Our risk management activities are implemented as part of the four-lines-of-defense governance model that is in place to support a risk-based approach to decision-making and oversight, as well as independent assurance across all Netcompany-Intrasoft operations.
Owing to a robust internal control system in place, alongside regular risk assessment, we conduct key performance indicator (KPI) monitoring at regular intervals. Our risk management activities are implemented in strict compliance with our Code of Conduct ensuring adherence to our ethical principles of transparency and integrity. In addition, we have also identified key factors that contribute to efficient risk management in non-financial issues.
Our targets for 2022 and onwards
- Target 1: Training for all personnel on the effective management of emergency situations (e.g. earthquakes, snow, fire drills).
- Target 2: Establish the enterpise risk management framework to help monitor enterprise risks and opportunities raised across the various activities of the Company.