Guaranteeing the continuity of operations and protecting the corporate information assets : this is what Business Continuity ( ISO 22301 ) and information security ( ISO 27001 ) respond to.
BUSINESS CONTINUITY
Today we are increasingly witnessing a succession of disastrous events, which also have a very strong impact on the production sector, and in particular on the agri-food sector . Just think of facts related to:- natural phenomena and epidemics (earthquakes, floods, possibly avian flu or mad cow disease, etc.)
- international and national political events (terrorism, protest demonstrations, strikes, market crashes...),
- emerging critical issues so far not very present in Europe and in Italy and therefore not appropriately assessed in terms of scope, such as for example the blackout ,
- damage or collapse of buildings or part of company equipment.
But how can the effects of disasters in the agri-food sector be mitigated?
The possibility of these events occurring is leading companies to place particular attention on the continuity of service of organizations in all market sectors, including the food sector, in order to avoid loss of customers and damage to image , ensure that risks are minimized and that activities can continue in a short period of time.
Naturally, planning does not imply any immunity to problems: sometimes events are of unprecedented gravity and unpredictable in risk assessments.
However, the business continuity plan provides companies with a framework to be prepared to face a series of unforeseen events that can threaten their sustainability or existence: for example, potential alternative suppliers can be identified, so that continuity of supplies is not interrupted in the event of a natural disaster.
Are there specific methods for implementing mitigation measures and business continuity systems for these companies?
The use of the ISO 22301 standard can be a reference for defining the management and recovery methods for emergency and crisis situations that can compromise the distribution chain or production activity.
Continuity management focuses on the following aspects:
- conducting a Business Impact Analysis in order to identify the risks and related impacts associated with one's work activity in the event of a disastrous event that leads to the unavailability of infrastructure, personnel or technology;
- definition of a corporate Business Continuity plan (fundamental especially in the event of unavailability of IT systems, with consequent loss of productivity of the working staff and of important company data);
- definition of emergency/crisis management procedures aimed at both restoring data/information and returning to normal operating activity;
- definition of the methods of internal communication and with the media in the event of an emergency;
- execution of periodic tests aimed at guaranteeing the coherence of the plans for both the technological and organizational aspects.
ICT SECURITY
When we speak in general of "Information Security" we refer to a multiplicity of technical, organizational and procedural aspects that tend to protect hardware, software, information and services.In particular, with regard to information, the main characteristics that must be protected are:
- privacy (or confidentiality), which tends to guarantee that information cannot be accessed by unauthorized parties, either intentionally or accidentally;
- integrity , which tends to guarantee that the information cannot be subjected to unauthorized alterations, whether accidental or intentional;
- availability , which aims to ensure that authorized parties can effectively access information whenever necessary, even in the presence of accidental impediments or in the presence of deliberate hostile actions that tend to prevent access.
Information Security Management helps to:
- ensure the continuity of the services business
- minimize damage resulting from any accidents
- maximize the return on invested capital
- maximize opportunities for improvement