
Global Exchange Group
Business Continuity Policy
LEGAL PAGES
Business Continuity Policy
Global Exchange's commitment to Business Continuity is embodied in a robust Business Continuity Management System (BCMS). This system is a strategic pillar that allows us to ensure operational resilience and effective recovery capability of our essential activities in the face of any interruption. Its systematic approach provides us with the tools to anticipate, mitigate, and respond in an organized manner to incidents, optimizing resources and guaranteeing operational stability.
This policy establishes the fundamental guidelines of this BCMS, formalizing Global Exchange's position and strengthening our capacity to face and overcome interruptions derived from disruptive incidents, natural disasters, or any event that compromises operational continuity.
The Senior Management of Global Exchange expresses its firm commitment to the continuous improvement of the organization's operational resilience capability. This commitment translates into the ongoing evolution and refinement of our business continuity management, acting as a fundamental pillar to comprehensively protect our assets (tangible and intangible) and critical business processes against security risks. Our priority is to guarantee people's safety and well-being, strict compliance with applicable regulations, preservation of the company's good reputation and its long-term sustainability, thus consolidating the trust of our stakeholders.
This policy aligns with the main international standards, norms, and applicable regulations, including (but not limited to) ISO 22301, ISO 22317, ISO 31000, ISO/IEC 27031, Regulation (EU) 2022/2554 (DORA), Directive (EU) 2022/2555 (NIS2), and other relevant sectoral regulations regarding finance and information security.
Scope
This policy is mandatory for all employees, suppliers, consultants, temporary workers, or any other collaborators of the Global Exchange Group, regardless of their hierarchical position or geographical location.
Purpose
The purpose of this policy is to establish the framework for the development, implementation, review, and improvement of the Business Continuity Management System at Global Exchange. Through this system, we seek to provide an adequate and timely response to the materialization of disruptive events of various natures, whether technological, security-related, operational, or environmental, that could compromise the normal operations of our organization. Likewise, we aim to effectively mitigate the impact that such incidents could have on our critical business activities, minimizing operational interruptions and ensuring the timely and progressive preservation or recovery of essential data and functions until achieving a complete return to normality. All of this is oriented toward constantly maintaining the service levels committed to our clients and stakeholders, simultaneously protecting the reputation, assets, and competitive position of Global Exchange in the international market.
Purpose
Global Exchange's Business Continuity policy is based on the following fundamental principles:
- Focus on critical processes: We prioritize the identification, protection, and recovery of processes and activities essential for service continuity, ensuring the appropriate allocation of resources for their resilience.
- Multidisciplinary participation: We guarantee comprehensive management through representatives from different areas with experience and knowledge who actively contribute to the system.
- Comprehensive scope: We implement an approach that encompasses all internal areas, suppliers, and critical services, employing adequate and proportionate resources.
- Synergy between plans: We leverage the optimization of existing security means and resources in the entity to maximize the effectiveness of continuity strategies.
- Proportional measures: We adopt controls and procedures according to the established criticality for each process and activity, ensuring efficient resource management.
- Guarantees in external services: We incorporate security, privacy, and reliability criteria for critical services provided by third parties.
- Effective communication: We develop both internal and external communication procedures that facilitate the execution of plans and the timely provision of information during incidents.
- Awareness and training: We promote staff training on their responsibilities within the continuity framework to ensure an adequate response.
- Continuous improvement: We implement a systematic process of periodic reviews, tests, and updates of the Continuity Plan.
- Institutional collaboration: We maintain a commitment to cooperation with authorities in case of disaster, as part of our responsibility to the environment in which we develop our activity.
Business Continuity Management Framework
The business continuity management process at Global Exchange is articulated through a comprehensive and systematic approach:
• Risk Analysis: It begins with a comprehensive and periodic assessment of our catalog of threats and vulnerabilities.
• Business Impact Analysis (BIA): It continues with a detailed study of the potential consequences of interruptions, evaluating their economic, operational, reputational, and legal dimensions.
• Mitigation and Recovery Strategies: It culminates with the implementation of strategies and controls to mitigate identified risks, documented in recovery plans that guarantee the continuity of critical operations within the established target times and service levels.