ACTIVE_BusinessContinuity

Business Continuity Processes

Here is how Expertflow aims to ensure that all business activities can be kept at normal or near-normal performance following an incident that has the potential to cause a major disruption to its business activities. For example, Extreme Weather Events, Cyber Attacks, Infrastructure Outages, Loss of Power, Loss of Facility or Premises, etc.

Review Period

Expertflow ensures a review of its business continuity policy annually at a minimum, or when significant business process changes occur, to ensure the information contained herein is current and applicable.

Policy

Here is how Expertflow aims to ensure business continuity in case of significant external advrese conditions.

Employee diversity

We try to have at least two people being well aware of a particular topic so we don't have single points of failure.

We are proactively recruiting across all our offices so as not ot have a single point of failure . This includes various nationalities and religions (Coptic Christians, Muslims Hindus, Christians). This is not only done with the intent to support clients locally, but also with the intent for business continuity in regard to working hours, holidays, language, tribes/ ethics (we intentionally hire both Shia and Sunni in Pakistan, both Yoruba and Ebo in Nigeria, both Coptic Christians and Muslims in Egypt. We prefer to hire women and minorities.

We see diversity as an essential factor to stability and regularly discuss culture internally - including for ex training on how Pakistanis and persons from India can work together, how we fight corruption, how we ensure data privacy for our customers, how people should dress on camera in which country.

IT continuity

We have since the beginning of Expertflow since 2007 worked internationally together at a distance via remote tools.  So as long as there is Internet, there is Expertflow.

In all larger offices we have UPS that last two hours, a Diesel Generator with sufficient Diesel to run the office for several days, two independent glass fiber trunks and (unarmed) guards.

We share. and plan all information and tasks online (a CRM, ticketing, Jira,...), so we know at any point what somebody was working on.
We use either large cloud services (Google Workplace), or when hosted on our own, generate regular backups of all servers (on AWS, Digitalocean, Contabo) - we also take physical backups.
We enable 2FA for all tools where available, and are currently implementing central IAM (Identity and Access Management). There is a four-eye principle for sensitive actions, and the CEO has admin access to all tools.

COVID-19

We have a home-at-work policy for all our employees. Coming to the office is optional, voluntary and discouraged. We have installed air filters in all office rooms, sanitation/ sterilization stations, and all our frequently-touched spaces (door handles, toilets,...) are disinfected on a regular basis. Mask-wearing is mandatory. Our offices follow Cov guidelines by local authorities. The CEO has direct access to a senior Epidemilogist in Switzerland. Expertflow implements the more stringent of measures (either by the local authorities or Switzerland)

Emerging Markets - Political Unrest/ Corruption

Expertflow has offices and is operating in Emerging markets. This comes with it's own challenges. We had in the past had a bomb exploding close by and shattering windows. We had regular power interruptions, glass fibers being destroyed (once by construction workers, once in Kenya stolen because there is a tradition of stealing copper wires), ocean fibers being cut, political unrest and demonstrations, curfews. We have Dengue in Pakistan, Malaria in Westafrica, which strikes once in a while somebody or their close ones.
There are late payments, sudden currency controls and bankrupcies of clients. This could result in irregular cash flows - as a result we broadened our geographical coverage in order to have no client corresponding to more than 10% of our revenue.
We regularly have employees leaving for better-paid jobs abroad, so we hire and train continuously and have a well-oiled onboarding process.
These challenges are business as usual for us. It's because we have these continuous challenges, that we're probably more resilient and adaptive than companies operating in more stable environments. We always anticipate that something could mess up and that we need some slack so we can deliver according to Western standards.
That we have challenges doesn't reduce our standard against which we aim to deliver.

Policy Leadership

The CEO is designated responsible for this business continuity management system program. Resolution of issues in the development of, or support of, all plans and associated activities is directly coordinated with the CEO.

Corrective Action Plan

In situations where a department does not conform to this policy, the CEO will prepare a report stating the case for non-compliance and present it to the relevant process owner/team lead for resolution of the non-compliance.

Implementation

This Policy is implemented through the application of Expertflow's Quality Management System (QMS), to drive continual improvement.