PZU and PZU Życie have Business Continuity Plans and a Business Continuity Management Procedure in place.

The business continuity plan describes the actions that must be carried out when the operations of PZU or PZU Życie are disrupted, to ensure their continuous and uninterrupted operation.

The disruption may be due to the following:

  • systems failures;
  • cyberattacks;
  • power failure;
  • fire or flood;
  • terrorist attack;
  • pandemic or epidemic.

PZU has a two-tiered model for responding to disruptions:

  • emergency procedures are activated by the decision of the head of the organizational unit responsible for the affected area;
  • when the possibilities of actions taken under the first level of response are exhausted or the deadline for restoring the nonfunctional area covered by the Plan is exceeded, the Crisis Staff is activated to take control of the situation.

On a periodic basis, but at least once every 3 years, a Business Impact Analysis (BIA) is carried out to identify the Company’s critical processes and services and the risks that cause them to become interrupted. In order to maintain the effectiveness and adequacy of business continuity solutions, Business Continuity Tests are conducted regularly. They are held on the basis of the Test Schedule for the calendar year agreed with the relevant business units and approved by the Company’s Management Board.

PZU and PZU Życie had a Crisis Staff established in 2023 2022 in the face of an attack by the armed forces of the Russian Federation on Ukraine. The announced Crisis Situation means that there is ongoing monitoring of the current political and market situation, and adequate measures are introduced to ensure, in particular:

  • safety of employees;
  • business continuity of the companies and security of financial assets of the PZU Group;
  • additional safety measures in terms of cybersecurity and physical safety.

The task unit of the Crisis Management Team continuously monitors the situation of the Ukrainian companies, including whether they are meeting the assumptions of the “Crisis Situation Management Plan” prepared by those companies.

Additional cybersecurity measures were introduced to mitigate risks whose probability of materializing is increasing. Cyber-threat anomalies, including those at subsidiaries, are monitored continuously, 24/7.

Due to the nationwide implementation of CRP Alert Level 3 (CHARLIE-CRP) and Alert Level 2 (BRAVO), a heightened state of readiness of the physical and cyber security areas has been maintained continuously since February 2022.¹

1. By Prime Minister’s Order of November 30, 2023, the third alert level of the CRP (CHARLIE-CRP) has been extended until February 29, 2024, 11:59 PM.