Business Resiliency

Ensuring employee safety, maintaining operational continuity, and meeting customer expectations

Our Business resiliency program ensures employee safety, maintains operational continuity, and meets existing customer obligations through events that would halt an unprepared organisation.

System 3 Group achieves resiliency through three principal areas of focus: business resiliency, incident management and Information Technology Disaster Recovery. We maintain our readiness by proactively assessing operational risks, establishing contingency plans, and administering incident response training.

System 3 Group assess and mitigates all potential business disruptions through our Business Resiliency program. Under this program, all corporate business units are required to maintain and exercise alternate operation strategies. For critical business operations, we conduct audits of business continuity plans and moderate annual exercises to ensure their plan efficiently mitigates realistic disruptions.

Program Overview

The business resiliency program is committed to providing a readiness state for the company that protects System 3 Group’s top priorities:

  • Employees
  • Business Operations
  • Customers and Partners
  • Community
  • Share Holders

Our Business Continuity policy calls for reviews, updates and testing of business continuity plans at scheduled intervals. System 3 Groups’ Business continuity management strategy includes prioritising key processes and functions, using Business impact analysis for process and services impacts, and for applications to support these business processes. Each of the critical processes and applications has resiliency plans to restore their functionality.

Scenario Planning

As a part of our best practices approach,  System 3 Group dos not plan for specific scenarios. However, each of our divisions reviews and prioritises the recovery of their critical processes, systems and vendors that maybe impacted during any disruptive event via an all hazards approach. With this approach, we capture the relevant elements tow work effectively within any scenario.

Resiliency Planning

Documented Business Continuity Plan

System 3 Group maintains a set of business continuity plans to help us prepare and react appropriately if faced with external events outside the control of our group companies, that could disrupt our business. In the event of a disruption, each of our business divisions has a multi-tired incident management programme that is designed to asses and deal with potential disruptions globally. The program guides decision points for the activation and execution of recovery plans for process and functions.

Recovering critical Business Processes and IT

In case of a significant dirruption, or an event of disaster System 3 Group’s business continuity plans are designed to recover critical business processes and functions identified in our Business impact analysis. In addition, our resiliency plans for recovering our IT services that support our critical business processes are based on a prioritisation process based on their criticality and as identified in the business impact analysis. System3’s IT Support services are categorised into critical bands to ensure most critical support services have documented plans in place to meet service requirements, service level agreements, and continuity of services.

Reviews

System 3 Group’s and it’s business divisions have given the responsibility of each business plan owner to complete annual review and update it appropriately. If a material change occurs, the plans are updated sooner, than the annual reviews.

Can I get a copy of your Business Continuity Plan?

Due to the critical nature and the material that is contained int he business continuity plan, System 3 Group does not share it’s plans outside the organisation and the relevant teams that need to have access to this information. If need be, and only if protected by Non Disclosures, System 3 Group does provide summary of information or discusses specific parts that may impact it’s customer’s business operations on a need to know basis.

 

Testing / Exercising

Is the Plan Reviewed by External and Internal Auditors?

Yes internal and external auditors review the Business Continuity plans and test results as a part of our annual activities.

Testing Periodicity

Business continuity plans are tested when they are first created, and annual updates and maintenance cycles also test these plans.

Results

The results are proprietary and are not shared with any external parties. We generally do not engage in joint testing except where it relates to our suppliers, vendors, and critical partners.

Incident Management

Company Level Incident Management Plan

System 3 Group and it’s Business divisions maintain a company level incident management plan, at the executive, global, regional and local levels. These contain direct strategic decisions based on inputs from the functional team representatives.

Customer Notification

Your account manager for each of the Business division is your primary point of contact and will be responsible to communicate about any business impairment that could impact our customers directly. Communications are initiated through our Incident management team and managed as a part of the Incident management communication plans.

Copies of these Plans

Due to the nature of confidential information in this material, copies of this plan are not shared outside the organisation. Under certain circumstances, with a proper non disclosure agreement in place, System 3 Group and it’s divisions can provide a summary information in a meeting regarding specific parts of the plans.

IT Resiliency

System Recovery Plan for Critical Systems

System 3 Group and it’s Business divisions have developed a distastes recovery plan for critical applications, and services that support our business process. Additionally, system redundancy is built into our infrastructure and all data center systems.

Alternative Site / DR Location

System 3 Group operates multiple data centers across the world, and as a part of it’s global data center strategy, the company and it’s group companies have adopted a DR Location approach for each of its assets and processes, allowing us maximum network and application resiliency.

Location of Primary Data Center and DR Locations

System3’s Critical IT assets are not located inside any of it’s operational buildings. All assets are maintained in Data Centers with Multiple DR Locations both onshore (Different City) and off shore (Different Country).

 

Recovery Strategies

Workplace Recovery Plan

System 3 Group has always worked from distributed campuses and office locations due to the nature of it’s business and business units. Due to the dispersion of our locations, our plans provide flexibility in relocation strategies that are not tied to a single location.