Since 2017 i-Hub has developed innovative solutions that help financial sector businesses ensure their KYC (Know Your Customer) and AML/CTF (Anti-Money Laundering/Counter Terrorism Financing) compliance. This subsidiary of the POST Luxembourg group offers a unique service featuring the collection, verification, maintenance and storage of identity data and documents. i-Hub cuts the administrative burden by offering its clients and their partners secure access to a personal digital dossier including all necessary information. “We manage data and documents linked to the identities of our clients’ clients. It is essential that we can guarantee the highest level of security, integrity, availability and confidentiality,” commented José Correia, i-Hub’s Chief Administration Officer, CISO and Business Continuity Manager. “Since we were founded, we have invested continually in security, but also in operational continuity management, as we know these are essential to winning and maintaining our clients’ trust.”
Continuity: a trust vector
Supervised by the CSSF as a support PFS, i-Hub must meet demanding requirements. As regards business continuity, internal teams are able to rely on strong support from the management as they seek the highest standards. In February 2019, the firm decided to take the path towards achieving ISO 22301 certification. This “specifies the requirements for planning, establishing, putting to work, managing, revising, maintaining and improving continually a documented management system to protect against disruptive incidents, reduce their likelihood of occurring, to prepare, to react and to restore after an incident” (source ISO.org). “With this process we wanted to guarantee the sustainability of our activity, to preserve our reputation, and above all, to reinforce the trust our clients put in our services,” Mr Correia added. “We are developing structured solutions suitable for any potential crisis, and seeking every opportunity to ensure excellence and operational resilience.”
Reinforce continuity management
To integrate ISO norms in the heart of its processes, i-Hub called on the expertise of EBRC’s continuity specialists. An early step was to lead a process audit, which demonstrated that best practices were already in place. These were then documented while the finishing touches were put to being compliant with ISO 22301. “Several months of work were required, particularly completing and formalising documentation, putting in place new processes, and creating a system of continuity management which put us in line with best practice regarding continuous improvement and performance measurement,” Mr Correia added.
The i-Hub team supported by EBRC consultants worked with the staff to understand normal work processes and the approach to a range of related risks. “The business impact analysis (BIA) sessions and the risk analysis enabled us to map and evaluate the criticality of these activities and the related threats, to identify what resources are needed, to identify internal and external stakeholders, to establish the interruption tolerance levels, and create a timetable for the resumption of activities,” commented Barbara Risse, an EBRC Business Continuity Management consultant. “From this we can create a coherent, effective continuity strategy including staff, buildings, public authorities, suppliers, applications, data, and telecommunications services,” noted Quentin Mouzard, also an EBRC Business Continuity Management consultant. -From which came the business continuity plans, all documented and tailored for each activity. “The role of this document is to support department heads when they face a major incident such as the lack of availability of colleagues or buildings, the outage of a critical service or technology provided by third parties, a pandemic and so on. This is a detailed document that will be consulted in a crisis. First, it enables essential activities to resume, followed by a return to normal as soon as possible,” added Ms Risse.
Covid-19 has been a real-time test
The pandemic emerged in the middle the external audit certification process, which enabled i-Hub and its staff to test the effectiveness of its recent business continuity management system. While many considered the pandemic as a major crisis, i-Hub and its partners saw an opportunity. They reacted quickly, and needed only minimal effort to document their plans (regarding continuity, crisis communication, IT continuity, and more) as well as the continuity policy and strategy required during this unique period. Henceforth the work was carried out remotely, as new modes of supervision were implemented to limit the virus spread. “A continuity management system must, above all, give the business the capabilities to react effectively as quickly as possible to all eventualities, enabling each team to contribute to the maintenance of activity,” explained Christophe Ruppert, a Senior Business Continuity Management consultant with EBRC. “It requires perfect understanding of the business, and effective management support to give the organisation a real culture of resilience to its core. A clear sense of engagement by everyone within i-Hub can be felt, from the management to every team, coupled with professional competence and a focus on business objectives” Mr Ruppert added.
An audit of all i-Hub’s activities by the accredited independent firm Bureau Veritas showed full compliance with ISO 22301. The overall document quality and the management system were highlighted by the auditor, whose was incidentally leading its first remote audit . “Passing the certification is the culmination of substantial teamwork, featuring expertise and support from EBRC. Throughout the project, there was a positive spirit which enabled us to progress in a smooth, coordinated fashion,” Mr Correia noted.
“With ISO 22301 certification, we meet our clients’ demands for integrated, robust, proven solutions, and we satisfy our regulatory supervisor as well. This certification matches i-Hub’s philosophy perfectly in terms of reliability, and service quality sustaining our clients’ activities.”