Enterprise Risk Management and Business Continuity
GARMCO has established an Enterprise Risk Management (ERM) Framework in accordance with ISO 31000. An ERM Policy has been formulated and an ERM Procedure developed; the procedure outlines the risk assessment methodology by detailing the process of identifying, analysing, and evaluating business risks. An ERM risk register is maintained and a half-yearly review is carried out with the process owners. The results are discussed at various levels, primarily in the ERM Steering Committee, then in the Audit, Risk and Corporate Governance Committee (ARCGC) and on to the Board of Directors.
Business impact analyses for all processes are reviewed annually at GARMCO. Incident management and business continuity plans are developed to ensure a prompt response and the restoration of operational activities, thereby building organisational resilience. Incident management teams are structured into Gold, Silver and Bronze levels to control, coordinate and communicate in case of any major disruptive incident. Recovery and start-up plans for all processes are also reviewed and exercised periodically. GARMCO is certified for ISO 22301:2012, Business Continuity Management System.
Information security risks are identified, analysed and controlled using the most appropriate risk treatment methodologies and best practices. GARMCO's ICT section is certified for ISO 27001:2013, Information Security Management System (ISMS). Various procedures and work instructions are developed, implemented and reviewed to preserve controls and ensure the confidentiality, integrity and availability of information and data at GARMCO. An ICT Disaster Recovery Plan is developed and exercised periodically to continually improve our restoration capability.