Business Continuity Management KPMG Case Study: BCM in a pharmaceutical company

Business Continuity is defined as an organization’s ability to maintain product and service delivery at acceptable levels following a crisis. It is an essential part of business strategy, aimed at ensuring the continuity of operations in case of disruptive events. This thesis is the result of the work done in KPMG Advisory S.p.A. I joined Information Risk Management Team in KPMG Advisory S.p.A. in September 2023, and I have been following this Business Continuity project since April 2024. In this work, I contributed to develop a Business Continuity plan for a Client in the pharmaceutical industry to enhance its Operational and IT Resilience. The paper begins with a general introduction to Business Continuity, including how it has been introduced in companies, its regulatory requirements, and the methodology to be followed to enhance BC. It then analyzes the procect itself and how it has been conducted in the pharmaceutical industry analyzed. This project involved conducting a Business Impact Analysis and Risk Assessment to find potential threats, vulnerabilities, and critical risks. The goal is to provide a plan that provides guidelines and procedures, a plan that allows you to transfer to the customer a methodology to be applied in the management of an emergency. The evaluation and implementation of the plan will then be made complete in the future with specific intervention plans. The Business Continuity plan created in this project led to the development of customized strategies for continuity, which also helped the client align with international standards. As a result of Business Impact Assessment and Risk Assessment, the Client become able to prioritize its weaknesses to introduce new strategies to mitigate risks. Following the completion of the Business Continuity Plan , it can be advantageous for a Company to advance the organization’s resilience and security frameworks by pursuing other objectives, such as GDPR compliance and ISO 27001 certification.