- Messages From Management
- Company Profile
- Integrated Management
- Responsible Public Services
- Role Model in the Industry
- Preparing for the Energy World of the Future
Business continuity is the ability of an organization to sustainits products and services at an acceptable level after the interruption incident (ISO 22301:2019). We attach great importance to business continuity with the responsibility to provide a service that touches the lives of approximately 21 million users in the energy distribution and retail business lines. In this framework, we have been maintaining Business Continuity management System practices for an organizational aim that is resistant to potential interruptions and crises in Enerjisa Enerji A.Ş. and subsidiaries since 2015. We as the Group Risk Management under the Corporate Finance and Treasury Directorate of the CFO organization are following global Business Continuity Management (BCM) standards, prepare all documentation with this approach and put into effect for Enerjisa Enerji A.Ş. and 3 Retail Companies since the BCM project which was completed in 2015.
We create Enerjisa BCM documentation in accordance with ISO 22301:2019 standards and update annually with the contribution of all related stakeholders of the process. In order to spread Business Continuity Management System standards to the whole organization, with the decision of the senior management, we took the step to ensure that retail companies have ISO 22301:2019 certification in order to use e-invoice and e-Archive infrastructure. Within the scope of the related certification, 3 retail companies are certified. Our distribution companies receive support from private integrator companies for the use of e-invoice and e-Archive infrastructures.
The spine of business continuity infrastructure is the durability of the technological infrastructure. We touch on 60+ critical business units, taking into account the business units and corporate functions across the organization. Group Risk Management (for Group and Retail companies) and The Process Development Team (for Distribution companies) carry out the coordination of all meetings and actions to be held within the scope of BCM, arrange briefings for critical business about the annual update period and organizational (or unit based) changes to be reflected to documentation.
Updates of critical business units are received through BIA (Business Impact Analysis) documents and in light of this information, Business Continuity and Crisis Management Plans are updated.
CRITICAL BUSINESS UNITS
Critical units are business units that have the process as long as they need to be up and running even if they are at critical level until the end of the first month of the crisis. On the other hand, it may be possible that the critical processes of these units affect Enerjisa Enerji in general.
5 Annual Business Continuity Briefing Sessions were organized with the participation of all critical business unit managers in İstanbul, Ankara and Adana. During these sessions, the participants were informed about the changes made within the year and reminded about the preparation methodology of BIA documents for the upcoming annual update process.
In BIA documents, Critical Units share the information below;
- Critical processes
- IT applications used in critical processes
- RTO (Recovery time Objective), RPO (Recovery Point Objective), MTPOD (Maximum Tolerable Period of Disruption) scores of critical processes
- Internal and external dependencies on critical processes
- Printed or virtual critical document information
- Critical personnel list and contact information
- 1 to 3 disruption scenarios and 2 alternative solution steps (This information was started to be asked as of January 2019)
We selected the facilities that meet the standards during field assessments in 3 regions for Crisis Command and/or Alternative Work Location to be used in the scenarios of potential interruption or crisis. In order to keep these locations physically ready, we work with the cooperation of Location Managers and the Department of Administrative Affairs representatives. We determined 12 alternative locations for 3 regions and updated the plans according to this work.
On the other hand, the units that are expected to support the crisis management team in these types of crises and are defined in the crisis organization schemes are shown below;
- Corporate Communications Group Management
- Corporate Legal
- Occupational Health and Safety Management
- Information Technology Operations Management
- Directorate of Human Resources Administrative Affairs
- Group Risk Management
As a development that started for the first time in 2019 with the participation of the function managers, we established the Business Continuity Committee and held two meeting. The committee meets twice a year with moderation of Group Risk Management even if any incidents occurs or not. The first meet is held following the audit of ISO 22301:2019 which takes place in February each year and the agenda includes sharing of audit outputs and quality improvement recommendations for the BCM structure. The second meeting is planned to be based on a review of the improvement level according to workplan in November.
CEO who is the natural leader of the crisis management team and the absolute crisis manager in case of potential crises is briefed on annual basis in April (following the completion of the first meeting of the certification audit and Business Continuity Committee). Within the context of this session, the CEO is informed about his role and responsibilities within the crisis management organization and also the updates in the relevant plans are presented. The CEO Briefing session of 2019 has been completed on 10.04.2019.
DRILLS AND EXERCISES
In the context of the revolts, we follow two methods to assess how much the scenarios and predictions in our consolidated plans will respond to real-life needs;
Scenario-based table exercise: With the participation of all the representatives of the crisis management team and support functions under the chairmanship of the CEO once a year, we perform scenario-based table exercise and share the final report of this exercise with the auditors during the ISO 22301:2019 certification audit conducted every year as well as the process stakeholders. We invite members of the board of Directors from both Sabancı Holding and E.ON.
Disaster Recovery Testing: We perform disaster recovery tests with the leadership of IT Department, without a break for around 24 hours in November on annual basis. It is the responsibility of the Group Risk Management team to participate in the test study as observer and archive the result reports. We share the result report with the audit company during the ISO 22301:2019 certification audit. All IT applications used in Enerjisa are simultaneously disabled during the drill in parallel with a real disaster scenario. We then measure the RTO (Recovery Time Objective), RPO (Recovery Point Objective) and MTPOD (Maximum Tolerable Period of Disruption) timings as defined in our BCM plans. After completion of the exercise, we synchronize the obtained data in IT and Group Risk Management documents, co-ordinate the arrangements and share radical differences with relevant business units if any occurred. We successfully carried out the latest test which the Group Risk Management Team participated as an observer in November 2019