Business Continuity Policy

Declaration of Information Continuity Principles

Which are the Business Continuity Principles?

NOS Group's Executive Committee and our Employees are committed to an efficient management of Business Continuity risks, in accordance with the organisation's strategic objectives and the following principles:

The Business Continuity Principles behind this Policy are:

  • To ensure an effective management of Business Continuity, supported by an adequate identification, impact assessment and characterisation of business Mission Critical Activities (MCA) and the priority Products/Services (P&S) provided to customers, taking into account their criticality for the organisation.
  • To ensure the availability of information, guaranteeing its access whenever necessary and allowed, without undue delay, as well as the asset resilience (systems, platforms, infrastructure, other assets), ensuring they have the ability to withstand an incident.
  • To carry out regular assessments of risks related to Business Continuity, to allow the adequate identification and management of interruption risks, as well as the continuous monitoring of its status in light of the objectives defined.
  • Develop Business Continuity Strategies and implement Continuity Plans or resilience actions that make it possible to face technical-operational failure scenarios (communications network, information systems), massive human resource failures (pandemic flu), catastrophic failures (natural disasters), or other scenarios that the organisation considers relevant .
  • Develop and implement Crisis Management Plans for the most relevant failure scenarios in order to safeguard the organisation’s reputation, image and brand, ensuring appropriate crisis assessment, escalation and both internal and external communication processes for the various impacted stakeholders (employees, customers, public, media, official authorities).
  • Perform adequate incident management, by putting in place processes to prevent, detect, record, report, handle and investigate any incidents and vulnerabilities that may disrupt Business Continuity. 
  • Ensure the validity and continuous improvement of BCM processes through their maintenance, testing and auditing, having as a philosophy the integration of BCM life cycle and the corresponding continuity requirements in business processes and in the relationship with relevant partners.
  • Promote employee awareness, training and certification in Business Continuity areas, especially in those that are most involved in BCM processes.
  • Ensure that business continuity processes are compliant with both the organisation’s internal policies regarding information and the laws and regulations external to the organisation.
  • Incorporate Business Continuity into the organisation’s business processes and objectives, as a necessary condition for customers satisfaction and trust (particularly corporate and institutional customers and, additionally, as a differentiating and competitiveness enhancing factor of the services offered.