We are committed to preparing a capable response
We are an ever more resilient organization, we try to anticipate the unexpected, we respond by pushing back and quickly recovering from crisis situations. We also believe in flexibility through adapting to change.
The occurrence of a failure or disruption can significantly affect society and the operation of industries and services. Our Business Continuity Policy describes our commitment to crisis management and reflects the principles that govern our actions:
Establish levels of prevention and resilience to reduce the impact of disaster or disruption;
Protect employees, assets and the business in the event of a disruption;
Support the return of priority activities and their support functions;
Resume normal business activities as soon as possible;
Promote awareness of the role to be played by all employees and external entities;
Make sure that procedures are cyclically tested and updated.
Maintaining focus and ensuring functionality in a disruptive scenario are the principles of our Business Continuity strategy. We believe that the needs of a secure society are guaranteed by this strategy, which ensures the relationship with our network of partners and our ability to manage change, anticipating risks. Our strategy is materialized through the Business Continuity Management System (BCMS), allowing us, in an organized and cyclical manner, to: Identify potential threats to the organization and business; Quantify the impact on the realization of those risks; Design and exercise defined procedures for different disruption scenarios.
In October 2015, we received the Business Continuity Management System Certification, awarded by the British Standards Institution (BSI), which has since been renewed in July 2018 and December 2021. In this way, we ensure that the Management System remains properly aligned with international best practices and in compliance with the International Standard ISO 22301:2019 - Societal Security - Busciness Continuity Management Systems. This certificate reflects the path we have traveled and the strategy we have implemented to achieve organizational resilience.
It is inevitable that any organization will experience some kind of crisis. The most important thing is to be prepared to deal with a complex, anomalous and unstable situation. The most frequent disruptive events with significant impact on our business are usually associated with natural causes - extreme winds - that cause simultaneous breakdowns in the Medium Voltage overhead power grid. It is difficult to predict when these events will occur, but when they do, we have to respond with predefined action plans.
In these scenarios, it is important that we act effectively and robustly. The Crisis Management and Business Continuity Plan seeks to anticipate emergency response needs and ensure the recovery of our business. The Plan incorporates procedures, contingency and emergency plans, defines the actions to be taken and the role of each person. The liaison officers who ensure close coordination and cooperation with the National Civil Protection Authority, its District Commands and with the Municipal Civil Protection Services are previously defined at national, regional and local levels. Click to the side and get to know our Crisis Action Plans.
The Operational Plan for Crisis Response of the Distribution Network (POAC-RD) exists since 2009, activated in events of great relevance, high concentration of people and great public visibility. Its goal is to minimize the impact resulting from power supply failures, as well as preventive actions to reduce the probability of occurrences. The plan contemplates four activation states: Prevention, Alert, Disturbed, and Emergency. This plan defines the various procedures to ensure crisis intervention, the coordination chain and the organizational model, from human resources to materials to be involved in emergency response, until the full recovery of our services. This constant effort earned us, in 2014, the European Award Most Effective Recovery of the Year awarded by the Business Continuity Institute, considering the company's response to storm Gong, in 2013.
In the event of a cyber-attack, we activate the Cyber Security Incident Response and Response Plan (PARIS). This is extensively tested and evaluated, with the aim of training the teams, testing the preparedness and maturity of our organization to deal with the threats of digital transformation. In 2018, we participated in the first edition of the National Cybersecurity Exercise (exNCS) promoted by the National Cybersecurity Center (CNCS), to test and evaluate methods and procedures in the area of cybersecurity and promote the creation of digital resilience at the national level. This exercise was an opportunity for us to execute PARIS, test and evaluate our ability to respond and recover from cyber-incidents. It allowed us to cooperate with other national entities in creating synergies and exploring the interdependencies between different sectors of activity.
Contingency plans have specific scopes to identify and describe the alternative procedures to be executed to quickly control a disruption, minimize the consequences, restore service, and return to normal operation.