Business Continuity During the COVID-19 Pandemic Era: Surviving

and Improving the Quality Process Management System

G. CHATZISTELIOS1, E. P. KECHAGIAS2*, S.P. GAYIALIS3, G.A. PAPADOPOULOS4,

N.E. SPYRIDONAKOS5

1,2,3,4School of Mechanical Engineering, National Technical University of Athens,

9 Iroon Polytechniou str, Zografou, GREECE

5Postgraduate Program on Quality Management and Technology, Hellenic Open University,

18 Parodos Aristotelous str, Perivola, Patra, GREECE

Key-Words: Business Continuity; Quality; Business Process Management; System; ISO; COVID

Received: May 22, 2021. Revised: April 11, 2022. Accepted: May 9, 2022. Published: May 31, 2022.

1 Introduction

Pandemics are a natural occurrence throughout

history, and the question is not whether one will

occur, but when one will (Huremović, 2019). The

worldwide community faced a pandemic similar to

those that occur every ten to fifty years owing to viral

mutations in the early years of 2020, the COVID-19

pandemic (Djalante et al., 2020). COVID-19 sickness

began spreading in China in December 2019 and was

declared a pandemic by the World Health

Organization (WHO) on March 11, 2020, due to the

disease's rapid expansion in the majority of the

world's countries (Jebril, 2020). Coronavirus disease

is caused by the SARS-CoV-2 virus, which causes a

respiratory infection and is spread from person to

person via the respiratory tract or by touch if proper

hand hygiene is not practiced. Fever, dry cough, and

discharge are the primary symptoms, which typically

last between two and fourteen days (Larsen et al.,

2020). The rapid spread of the virus, the resulting

complications in patients' health, and the disease's

high mortality rate have compelled the world

community to take fast action to safeguard human

lives and, secondarily, the economy (Ioannidis,

2021).

To halt the pandemic's global spread, country

leaders have proposed universal or individual

measures such as blockades, curfews, social

isolation, and forced stay at home, all of which might

have a catastrophic impact on a global business level

(Donthu & Gustafsson, 2020; Leite et al., 2020). The

COVID-19 pandemic has forced the closure of

numerous businesses, causing enormous disruptions

in various industries. Most businesses worldwide are

currently struggling to stay afloat, owing to

dwindling sales and rising levels of uncertainty about

the future. Therefore, it is critical for businesses to

conduct a thorough evaluation of their business

strategy in order to ensure business continuity

(Donthu & Gustafsson, 2020).

Businesses' continued operation in the face of

serious health crises, such as the COVID-19

pandemic, has prompted them to design and

implement customized Business Continuity

Management Systems (BCMS) based on

management standards, not only to deal with current

events, but also to deal with future ones (Torabi et al.,

2016). With the development and implementation of

a BCMS, which can also be referred to as a risk

management system, businesses gain an efficient and

effective tool for dealing with any catastrophic event

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

617

Volume 18, 2022

Abstract: Worldwide health and the global economy have been heavily damaged by the COVID-19 pandemic,

with business continuity being the primary issue of every company operating in the health industry. A critical

instrument for enterprise survival is the establishment of a business continuity management system that enables

them to manage risks, discover opportunities created by the pandemic, and secure their continuity. The purpose

of this paper is to examine how a pharmaceutical firm may ensure business continuity by adopting ISO

22301:2019 in parallel with the existing ISO 9001:2015 quality standard, as well as the similarities and

differences between the two management standards. According to the results, the pharmaceutical company,

whose case was studied, managed to create an effective action plan in order to mitigate at an acceptable level

the identified risks, to maintain its business continuity and to ensure the quality of the product and the health of

the patients and its employees.

that could have an irreversible impact on them

(Sahebjamnia et al., 2015), for increasing their

operational resilience, but also for identifying

potential opportunities (Torabi et al., 2016). A critical

component of implementing an effective SDR is

identifying, analyzing, evaluating, and responding to

risks that may influence the business, as well as

recognizing any opportunities that may develop

(Torabi et al., 2016).

In the remining of the paper, the most significant ISO

standards, ISO 9001: 2015 and ISO 22301: 2019,

related to risk management and business continuity

will be discussed and compared. ISO 9001: 2015

"Quality Management Systems-Requirements," is

studied given that risk management is a critical

component of the structure of the revised

management standards and that the primary objective

of businesses is to produce and offer high-quality

products to their customers while taking individual

risks into account. ISO 22301: 2019 "Security and

Emergency Recovery-Business Continuity

Management Systems-Requirements," is studied to

assist businesses on the difficult path to survival

based on the requirement for an immediate response

to the COVID-19 pandemic of business operations,

as well as the requirement for immediate and

unrestricted access to information.

After discussing the standards ISO 9001: 2015

and ISO 22301: 2019, as well as their similarities,

common points, and differences, the paper will

examine how applying management standards and

risk analysis tools can ensure a pharmaceutical

company's business continuity by adopting ISO

22301: 2019 in parallel with the existing quality

standard ISO 9000. The paper will also present the

results of an analysis of the effectiveness of

management standards in sustaining a

pharmaceutical business's operations and viability

during a pandemic, as well as the level of

preparedness of a company that already uses quality

systems. Finally, a summary of the structure of the

current work will be presented, together with the

most significant themes that were addressed, forming

the conclusions section.

2 ISO 22301:2019 vs ISO 9001:2015

The International Organization for Standardization's

(ISO) initiative to harmonize management standards

by establishing the "New High-Level Structure" to

assist enterprises in simultaneously adopting many

management systems is now a given. The ISO 22301

management standard was structured according to

this innovative method from the start, which was

enhanced in the revised edition of 2019. The same

was true with the modification of the ISO 9001

quality standard, which clearly reflected the new

methodology in its revised 2015 edition. The

comparison of ISO 22301 and ISO 9001, as shown in

Table 6 at the Appendix, demonstrates the new

structure's implementation in both standards. Also, a

key common point in the structure of the standards is

that they should follow the Improvement Cycle, as

shown in Table 7 at the Appendix, having the same

basic structure with some common requirements and

differences depending on the subject matter.

Comparing the requirements of the two standards for

the main sections (§4) to (§10) we can observe the

following similarities and differences.

2.1 Section 4: The Organization’s

Operational Framework

As illustrated in Table 6 at the Appendix, both

standards adhere to the same structure in terms of the

organization's operating framework, adjusting their

criteria according to the subject matter. ISO 22301:

2019 specifies in sub-section (§4.1) the identification

of external and internal BCMS issues, the

comprehension of stakeholders' needs, expectations,

and requirements (§4.2), and the legal and regulatory

requirements by separating them into a separate sub-

paragraph (§4.2.2), which does not exist in ISO 9001.

Sub-section (§4.3) discusses establishing the scope of

the BCMS by defining its limits and application and

concludes with the requirement for introducing,

implementing, maintaining, and continuously

improving BCMS (§4.4). In comparison, ISO 9001:

2015 refers in sub-section (§4.1) to the identification

of external and internal Quality Management System

QMS parameters, to the comprehension of

stakeholders' demands, expectations, and

requirements, as well as to applicable legislation and

regulatory requirements (§4.2). Sub-section (§4.3)

also refers to the definition of the QMS's scope,

taking into account the limits and application of the

QMS. ISO 9001: 2015 sub-section (§4.3) goes into

further depth about the establishment,

implementation, maintenance, and continuous

development of QMS and makes specific reference

to QMS processes, which is not the case in ISO

22301: 2019. Finally, both standards emphasize the

importance of having recorded information to

support the operation of the BCMS (§4.3.1) or QMS

(§4.4.1).

2.2 Section 5: Leadership

ISO 22301: 2019 sub-section (§5.1) refers to the

management's responsibility to take a leading role in

demonstrating its commitment to the BCMS by

ensuring all aspects of its successful implementation,

including the establishment of an appropriate

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

618

Volume 18, 2022

business continuity policy for the organization

(§5.2.1), communication within the organization but

also with stakeholders as needed (§5.2.2), and finally,

ensuring that roles, responsibilities, and

responsibilities are sufficient. In comparison to ISO

9001: 2015, the sub-section (§5.1) is further analyzed

in the sub-sections (§5.1.1), which refer to the

management's responsibility to play a leading role in

demonstrating its commitment to the QMS by

ensuring all aspects of its successful implementation

with reference to the process approach and the risk

approach, and (§5.1.2), which refers to the

management's responsibility to play a leading role in

demonstrating its commitment to the QMS by

ensuring all aspects of its Due to the fact that ISO

22301: 2019 deals with a different subject area, there

are no references to the process approach, risk

approach, or customer focus. Additionally, ISO

22301: 2019 refers to management's responsibility to

ensure that roles, responsibilities, and responsibilities

are appropriately defined and accessible throughout

the organization in sub-section (§5.3). Finally, both

standards make reference to sub-section (§5.2.2),

which states that a quality policy or company policy

must exist as proven information.

2.3 Section 6: Programming and Planning

ISO 22301:2019 and ISO 9001:2015 section (§6)

both pertain to the design and programming of

BCMS and QMS. ISO 22301: 2019 specifies the

requirements for defining (§6.1.1) and addressing

threats and seizing opportunities (§6.1.2),

emphasizing that threats and opportunities are related

to the efficacy of the system. The risk associated with

a disorganizing incident is mentioned in section (§8);

this is a note that is absent from ISO 9001: 2015.

Additionally, sub-sections (§6.2.1) and (§6.2.2)

examine the establishment and characterization of

business continuity objectives. Finally, there is the

addition of a new sub-section (§6.3), which did not

exist in the previous (§2012) version, which specifies

the requirements for managing changes in the

planning and scheduling of the SDES in accordance

with ISO 9001: 2015 section (§6.3). In comparison to

ISO 9001: 2015, sub-section (§6.1) defines the

requirements for identifying (§6.1.1) and managing

threats and seizing opportunities (§6.1.2), describing

in greater detail what should be included in the risk

management choices, which is not the case with ISO

22301: 2019. Additionally, it refers to the

formulation and defining of quality targets, which are

discussed in sub-sections (§6.2.1) and (§6.2.2).

Finally, sub-section (§6.3) specifies the procedures

for handling modifications to the QMS’s design and

planning. Finally, both standards emphasize the

importance of maintaining current information on

business continuity and quality targets (§6.2.1).

2.4 Section 7: Support

ISO 22301: 2019 and ISO 9001: 2015 section (§7)

both relate to the support required for the BCMS and

QMS to be implemented successfully. More

precisely, in sub-section (§7.1) of ISO 22301: 2019,

reference is made to the resources required for

establishment, implementation, maintenance,

updating, and continuous improvement, without

going into greater detail, in contrast to ISO 9001:

2015, which analyzes the requirements for internal

and external resources (§7.1.1), personnel (§7.1.2),

infrastructure (§7.1.3), and the environment in which

processes operate (§7.1.4), resources for monitoring

and measuring compliance with requirements for

products and services (§7.1.5), resources for tracing

measurements (§7.1.5.2), and the essential

operational expertise for operating processes and

achieving product and service conformity (§7.1.6).

The following sections of the two standards outline a

common structure and requirements for staff

professional competence (§7.2), staff awareness of

the organization's policies and objectives (§7.3), and

the requirements for internal and external

communication (§7.4), all of which are adaptable to

the needs of each management system. Finally, both

standards make reference to the requirement for

substantiated information to exist (§7.5), to be

created and updated (§7.5.2), and to be verified

(§7.5.3), with a particular emphasis on the

identification and verification of substantiated

externally generated information.

2.5 Section 8: Operation

ISO 22301: 2019 section (§8) and ISO 9001: 2015

both refer to the standards for the organization's

operation. Due to the fact that each management

model has a distinct subject matter, the requirements

for this part and its structure are entirely unique, with

no commonality between the two standards. ISO

22301: 2019 sub-section (§8.1) details the

requirements for planning and controlling the

operation of processes, with specific reference to sub-

section (§6.1), as well as the actions for addressing

dangers and capitalizing on opportunities. Sub-

section (§8.2) discusses the requirements for

operational effect analysis and risk assessment in

relation to ISO 31000, which is a common

denominator for both standards. Sub-section (§8.3.2)

details the requirements for the definition of business

continuity strategies and solutions, while sub-section

(§8.3.3) details the requirements for the selection of

business continuity strategies and solutions, as well

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

619

Volume 18, 2022

as the resource requirements (§8.3.4) for their

implementation (§8.3.5). Sub-section (§8.4) covers

the requirements for business continuity plans and

procedures, the requirements for the response

structure (§8.4.2), and the requirements for warning

and communication (§8.4.3), all of which are

accomplished through documented business

continuity plan procedures (§8.4.4) as well as the

criteria for reorganizing the organization following a

disorganizing event (§8.4.5). Finally, sub-section

(§8.5) discusses the requirements for implementing

and maintaining an effective exercise and testing

program to validate the effectiveness of business

continuity strategies and solutions, as well as the

requirements for evaluating business continuity

documentation and capabilities (§8.6).

2.6 Section 9: Evaluation of Performance

ISO 22301: 2019 and ISO 9001: 2015 section (§9)

both refer to the requirements for evaluating BCSM

and QMS. More precisely, in sub-section (§9.1) of

ISO 22301: 2019, reference is made to the

requirements for determining what needs to be

monitored and measured, for monitoring,

measurement, analysis, and evaluation methods, as

well as for when and by whom monitoring,

measurement, analysis, and evaluation are

performed. The requirement to identify the staff or

team responsible for monitoring, measuring, and

analysis is new, and does not appear in the ISO 9001:

2015 standard. In comparison, ISO 9001: 2015

maintains the same general requirements for

monitoring, measurement, analysis, and evaluation

(§9.1.1), but adds requirements for monitoring the

degree to which customer needs and expectations are

met (§9.1.2), as well as for the analysis and

evaluation of relevant data and information on

product and service compliance, customer

satisfaction, the performance and effectiveness of

SBS, and the effectiveness of threats and

opportunities (§9.1.3). Both standards establish a

common framework and procedures for conducting

internal audits (§9.2), management review (§9.3),

incoming information to be considered (§9.3.2), and

management review outcomes (§9.3.3), which are

correctly customized to each management system.

Finally, both standards make reference to the

necessity to retain substantiated information as proof

of management review results (§9.3.3).

2.7 Section 10: Improvement

ISO 22301: 2019 and ISO 9001: 2015 sections (§10)

both refer to the requirements for improving the

BCMS and QMS. More precisely, sub-section

(§10.1) of ISO 22301: 2019 refers to the

identification and utilization of opportunities, non-

compliances and the requirements for dealing with

them, as well as the management, monitoring, and

evaluation of corrective actions taken as a result of

non-compliances (§10.1.1, 10.1.2, 10.1.3). In

comparison, ISO 9001: 2015 refers to the

identification and exploitation of opportunities, but it

goes into greater detail regarding the improvement

actions, which include the enhancement of products

and services, the correction, prevention, and

reduction of adverse effects, as well as the

enhancement of the performance and effectiveness of

the QMS (§10.1). Additionally, non-compliances and

the requirements for dealing with them are discussed,

as is the method for managing, monitoring, and

assessing corrective measures performed in response

to non-compliances (§10.2.1, 10.2.2). Finally, both

standards require the existence of validated

information demonstrating the type of non-

compliances and the outcomes of corrective efforts,

as well as the continual improvement of the business

continuity (§10.2) or quality (§10.3) management

system.

2.8 Conclusions from the Comparison

Considering the comparisons made between the two

standards, some critical conclusions may be drawn. It

is evident that by applying the "New High-Level

Structure" to the two ISO standards 22301: 2019 and

ISO 9001: 2015, the standards can be harmonized in

terms of their structure and the common requirements

they share for the bulk of their sections. A critical

point of convergence in the construction of

management standards is that they are all based

around the Improvement Cycle, as illustrated in

Table 7 at the Appendix, with a similar fundamental

structure but with some common requirements and

changes depending on the subject matter. The two

standards now share even more requirements than in

previous versions, including the operational

framework of the organization in relation to the

BCMS or QMS, the leadership position and

commitment, the planning and scheduling of the

BCMS or QMS, the treatment of threats and

opportunities, the resources required for successful

implementation of the BCMS or QMS, the evaluation

of the performance of the BCMS or QMS processes,

and finally the requirement to keep substantiated

information for all individual requirements, always

taking into account the different subject matter.

In light of the various points, we can deduce the

following:

 ISO 9001: 2015 includes a more

extensive sub-section (§4.3) on the

establishment, implementation,

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

620

Volume 18, 2022

maintenance, and continuous

improvement of QMS and makes

specific reference to QMS processes,

which is not included in ISO 22301:

2019.

 The sub-section (§5.1) of ISO 9001:

2015 is further analyzed in sub-sections

(§5.1.1) with reference to the

management's responsibility to play a

leading role in demonstrating its

commitment to the QMS and ensuring

all aspects of its successful

implementation, with reference to the

process approach and the risk approach.

Due to the fact that ISO 22301: 2019

deals with a different subject area, there

are no references to the process

approach, risk approach, or customer

focus.

 ISO 22301: 2019 sub-section (§6.1.1)

identifies the requirements for

identifying and responding to threats and

exploiting opportunities (§6.1.2), noting

in particular that the threats and

opportunities relate to the effectiveness

of the BCMS, as the risk associated with

the disorganizing event is mentioned in

section (§8) – a note that is absent from

ISO 9001: 2015. ISO 9001: 2015 sub-

section (§6.1) details the standards for

defining (§6.1.1) and managing threats

and seizing opportunities (§6.1.2),

outlining in greater depth the risk

management solutions available, which

is not the case with ISO 22301: 2019.

 ISO 22301: 2019 sub-section (§7.1)

makes reference to the resources

required for establishment,

implementation, maintenance, updating,

and continuous improvement, but

without going into detail, in contrast to

ISO 9001: 2015, which analyzes the

requirements for internal and external

resources, personnel, infrastructure, the

operating environment for processes,

and resources for monitoring and

measuring product and service

compliance resources for the traceability

of measurements as well as and the

necessary operational knowledge for the

operation of its processes and the

achievement of the conformity of the

products and services (§§7.1.1-7.1.6).

 Both ISO 22301: 2019 and ISO 9001:

2015 refer to the requirements for the

operation of the organization in section

(§8); however, due to the distinct subject

matter of each management model, the

requirements for this section and its

structure are completely different, with

no overlap between the two management

standards.

 ISO 22301: 2019 and ISO 9001: 2015

sections (§9) both refer to the

requirements for evaluating BCMS and

QMS. However, ISO 22301: 2019

includes a new requirement for

identifying the staff or team responsible

for monitoring, measuring, and analysis,

which is not included in the ISO 9001:

2015 standard. ISO 9001: 2015 adds

requirements for monitoring the degree

to which customer needs and

expectations are met, for analyzing and

evaluating appropriate data and

information about the conformity of

products and services, the degree of

customer satisfaction, the performance

and effectiveness of QMS, the

effectiveness of threats and

opportunities, and the need for SBS

improvement (§9.1.2–9.1.3).

 Finally, ISO 22301: 2019 and ISO 9001:

2015 sections (§10) both allude to the

standards for BCMS and QMS

improvement. ISO 9001: 2015, however,

goes deeper than ISO 22301: 2019 in

terms of improvement actions, which

include product and service

enhancement, correction, prevention,

and reduction of adverse consequences,

and enhancement of the QMS's

performance and effectiveness (§10.1).

3 Case Study of Business Continuity in

a Pharmaceutical Company due to the

COVID-19 Pandemic

After discussing the similarities, common points, and

variations between ISO 9001: 2015 and ISO 22301:

2019, this section will discuss how a pharmaceutical

company manages a disorganized occurrence, in this

example the COVID-19 pandemic. Despite the lack

of ISO 22301 certification, the company maintained

its business continuity through the application of the

principles of the business continuity and

reclassification management standard and the know-

how gained through the successful implementation of

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

621

Volume 18, 2022

the ISO 9001: 2015 quality standard and the rules of

Good Manufacturing Practices (Abou-El-Enein et al.,

2013).

3.1 Section 4: The Organization’s

Operational Framework

The company is engaged in pharmaceutical

manufacturing and enjoys a significant market share

in the generic pharmaceutical sector. The company's

activities span the whole pharmaceutical value chain,

from product research to ultimate distribution in

more than 85 countries globally. It is equipped with

two manufacturing facilities dedicated to the

manufacture of Solid Pharmaceutical Forms (coated

and uncoated tablets, capsules) and Injectable

Pharmaceutical Forms. The Greek National

Medicines Agency (EOF) has certified the units for

the manufacture of sterile and non-sterile products,

their packaging, and chemical and microbiological

quality control.

The company's quality management system has been

designed to provide customer / consumer satisfaction

through the provision of high-quality and competitive

products, as well as compliance with Good

Manufacturing Practices (GMP) and EOF standards.

To accomplish this purpose, the company has

implemented an ISO 9001-based quality system that

covers all of the company's activities, including

export management and product design.

Additionally, the organization follows an ISO 14001-

compliant Environmental Management System.

As previously stated, the pharmaceutical

company is certified to the ISO 9001: 2015 quality

standard and the Good Manufacturing Practice

(GMP) guidelines. Internal general operating

procedures (Standard Operating Procedures, SOP)

for risk assessment are implemented in this context.

The basic method is established in accordance with

the ISO 31000 management standard "Risk

Management - Principles and Guidelines" the ISO

9001 quality standard "Quality Management Systems

- Requirements" and the European Medicines

Agency's (EMA) ICH Q9 «Quality Risk

Assessment» guideline. All the company’s

departments are presented in Table 1.

Table 1: The Pharmaceutical Company’s

Departments

S.M.

Senior Management

P.E.

Planning & Exports

I.T.

Informatics

Q.C.

Quality Control

P.P.

Product Production

Q.A.

Quality Assurance

H.R.

Human Resources

F.M.

Financial Management

H.&S.

Health & Safety

C.S.

Customer Service

I.

Interdepartmental

3.2 Applying the Risk Assessment

3.2.1 Risk Assessment and Identification

At the beginning of the COVID-19 pandemic, the

company set up an interdepartmental Crisis

Management Team (CRM), which included a

representative of the Senior Management, IT (IT),

Human Resources (HR), Financial Management

Quality Assurance, Planning & Exports, Product

Production and Health & Safety. This team was

responsible for assessing the risk and operational

impact, including the worst-case scenario which was

the suspension, but also for all the measures that

would be taken during the pandemic period. At the

outbreak of the pandemic, CRM applied the

brainstorming technique (Brainstorming) and based

on the professional competence and experience of the

participants proceeded to assess and determine the

risk and operational impact by category, as presented

below:

1. Disorganization event management

• Risk of suspension

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

622

Volume 18, 2022

• Inadequate handling of a disorganizing

event

• Inability to meet legal and regulatory

requirements

2. Personnel management

• Risk of spreading the infection to

personnel working in production

facilities

• Risk of unavailability of labor due to sick

leave

• Risk of increased contamination by

personnel returning from leave

• Risk of contamination from external

collaborators operating in the production

unit, laboratories and offices

• Risk of staff misconduct during a

pandemic

• Risk of insufficient staff information

during the pandemic

3. Remote operation and computer security

• Risk of not providing adequate

equipment (laptops, printers, monitors,

etc.) to support remote work (work from

home) due to lack of market

• Risk of failing to maintain cybersecurity

and productivity when connecting

remotely

• Risk of unsafe access to the network

from remote work (e.g., data theft,

electronic phishing (phishing), malware

attacks)

• Risk of non-availability of security at

network and application level

• Risk of unsafe mobile devices

4. Facilities

• Risk of contamination of the product

production unit (Suspension of

operation)

• Risk of contamination of offices,

laboratories and ancillary premises ( Not

product production areas) (Suspension

of operation)

• Risk of contamination of warehouses

(Suspension of operation)

• Risk of infection from insufficient social

distance

• Risk of infection from visitors, auditors,

contractors and external partners

• Risk of dependence on service providers

(e.g., especially those involved in pest

control, facility cleaning, transport

companies, etc.)

• Risk of the health and hygiene of staff

5. Products and services

• Risk of product safety and quality

• Risk of patient safety

6. Supply chain management

• Risk of shortage of raw materials

(Actives, excipients, packaging

materials) as well as reagents, solvents,

etc., to support the production of

products

• Risk of not being able to provide

products to customers

• Risk of insufficiency of transport

companies

• Risk of delivery delays and impact on

products and services

7. Financial management

• Risks related to financial liquidity

• Inability to fulfill financial obligations

• Inability to provide required resources

8. Social Responsibility

• Inability to strengthen society

3.2.2 Risk Analysis

During the risk analysis phase, the Risk Priority

Number (RPN) was calculated for each identified

threat based on Severity (S), Occurrence Probability

(O) and Detection Probability – Detectability (D). In

addition, the impact categories were assessed

according to the management standard ISO 22317:

2015 "Business Continuity Management Systems -

Guidelines for Business Impact Analysis" and the

categories as presented in Table 8 at the Appendix.

Table 2 demonstrates the categories and examples of

impacts at the level of products and services. Table 3

presents the threats that were identified as well as the

business sectors they have an impact on.

Additionally, the risk and operational impact

assessment is analysed in Table 4.

Table 2: Categories and Examples of Impacts at

the Level of Products and Services

Category of

Impact

Impact Examples

Financial (F)

Financial losses due to fines,

penalties, lost profits or reduced

market share

Reputational (R)

Negative impact on the

company's reputation

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

623

Volume 18, 2022

Legal and

Regulatory (L&R)

Liability and revocation of

product production and

distribution license

Conventional (C)

Violation of contracts or

obligations between companies

Entrepreneurial (Ε)

Failure to achieve goals or seize

opportunities

Table 3: Identified Threats and Business Impact.

No.

Description

Business

Impact

Disorganization event management

1

Risk of suspension

(F)/(Ε)/

(C)/(R)

2

Inadequate handling of a

disorganizing event

(Ε)

3

Failure to meet legal and regulatory

requirements

(L&R)

Staff management

4

Risk of spreading the infection to

staff working in production

facilities

(Ε)

5

Risk of unavailability of labor due

to sick leave

(Ε)

6

Risk of increased contamination by

personnel returning from leave

(Ε)

7

Risk of contamination by external

collaborators operating in the

production unit, laboratories and

offices

(Ε)

8

Risk from misbehavior of

personnel during the pandemic

(Ε)

9

Risk of insufficient staff

information during the pandemic

(Ε)

Remote work and computer security

10

Risk of not providing adequate

equipment (laptops, printers,

monitors, etc.) to support remote

work (work from home) due to

market shortage

(Ε)

11

Risk of failing to maintain

cybersecurity and productivity

when connecting remotely

(F)/(Ε)

12

Risk of unsafe access to the

network from remote work (eg data

theft, phishing, malware attacks)

(F)/(Ε)

13

Risk of unavailability of security at

network and application level

(F)/(Ε)

14

Risk of unsafe mobile devices

(Ε)

Facilities

15

Risk of contamination of the

product production unit

(Suspension of operation)

(F)/(Ε)

16

Risk of contamination of offices,

laboratories and ancillary premises

(not product areas) (Suspension)

(F)/(Ε)

17

Risk of contamination of

warehouses (Suspension of

operation)

(F)/(Ε)

18

Risk of infection from insufficient

social distance

(Ε)

19

Risk of infection from visitors,

auditors, contractors and external

partners

(Ε)

20

Risk of dependence on service

providers (eg especially those

involved in pest control, facility

cleaning, transport companies, etc.)

(Ε)

21

Risk of health and hygiene of staff

(Ε)

Products and services

22

Risk of product safety and quality

(F)/(Ε)/

(L&R)/(C)

23

Risk of patient safety

(F)/(Ε)/

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

624

Volume 18, 2022

(L&R)/(C)

Supply chain management

24

Risk of shortage of raw materials

(Actives, excipients, packaging

materials) as well as reagents,

solvents, etc., to support the

production of products

(F)/(Ε)/(C)

25

Risk of not being able to provide

products to customers.

(F)/(Ε)/(C)

26

Risk of insufficiency of transport

companies

(F)/(Ε)/(C)

27

Risk of delivery delays and impact

on products and services

(F)/(Ε)/(C)

Financial management

28

Risks related to financial liquidity.

(F)/(Ε)

29

Inability to fulfill financial

obligations

(F)

30

Inability to provide required

resources

(F)

Social responsibility

31

Failure to strengthen society

(R)

Table 4: Initial Risk Assessment and

Operational Impact for Each Identified Threat.

N

o.

Initial Parameter

Calculation

RP

N

Initial

Risk

Evalua

tion

Rispon

sible

(§S)

(§O)

(§D)

(§

S x

O

x

D)

Disorganization event management

1

High

(5)

High

(5)

High

(1)

25

Averag

e

I.

2

High

(5)

High

(5)

High

(1)

25

Averag

e

I.

3

High

(5)

High

(5)

High

(1)

25

Averag

e

H.R./

Q.A.

Staff management

4

High

(5)

High

(5)

Low

(5)

12

5

High

H&S/H

.R.

5

High

(5)

High

(5)

Low

(5)

12

5

High

H&S/H

.R.

6

High

(5)

High

(5)

Low

(5)

12

5

High

H&S/H

.R.

7

High

(5)

High

(5)

Low

(5)

12

5

High

Q.A.

/H&S/

H.R.

8

High

(5)

High

(5)

Aver

age

(3)

75

High

H&S/H

.R.

9

Aver

age

(3)

Aver

age

(3)

Aver

age

(3)

27

Averag

e

H.R.

Remote work and computer security

1

0

High

(5)

High

(5)

Low

(5)

12

5

High

I.T.

1

High

(5)

High

(5)

High

(1)

25

Averag

e

I.T.

1

2

High

(5)

High

(5)

High

(1)

25

Averag

e

I.T.

1

3

High

(5)

High

(5)

High

(1)

25

Averag

e

I.T.

1

4

High

(5)

High

(5)

High

(1)

25

Averag

e

I.T.

Facilities

1

5

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S/

P.P.

1

6

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S/

Q.A.

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

625

Volume 18, 2022

1

7

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S/

Q.C.

1

8

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S

1

9

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S

2

0

High

(5)

High

(5)

Low

(5)

12

5

High

H.R./

H&S

2

1

High

(5)

High

(5)

High

(1)

25

Averag

e

H.R./

H&S

Products and services

2

High

(5)

Low

(1)

High

(1)

5

Low

P.P./

Q.C./

Q.A.

2

3

High

(5)

Low

(1)

High

(1)

5

Low

P.P./

Q.C./Q.

A.

Supply chain management

2

4

High

(5)

High

(5)

High

(1)

25

Averag

e

P.E./Q.

C.

2

5

High

(5)

High

(5)

High

(1)

25

Averag

e

P.E./

C.S.

2

6

High

(5)

High

(5)

High

(1)

25

Averag

e

P.E.

2

7

High

(5)

High

(5)

High

(1)

25

Averag

e

P.E. /

Q.A.

Financial management

2

8

High

(5)

Aver

age

(3)

Aver

age

(3)

45

High

F.M.

2

9

High

(5)

Aver

age

(3)

High

(1)

15

Averag

e

F.M.

3

0

High

(5)

Aver

age

(3)

High

(1)

15

Averag

e

F.M.

Social responsibility

3

1

Aver

age

(3)

Aver

age

(3)

High

(1)

9

Averag

e

S.M./

H.R.

3.2.3 Risk control

During the control and risk reduction phase for each

identified threat, decisions were made on strategies

and solutions, based on the evolution of the

pandemic, in order to avoid and / or reduce the risk

to acceptable levels, according to the results of the

RPN calculation for individual threats. Appropriate

measures were taken to avoid and / or reduce the risk

to acceptable levels for the identified threats whose

initial assessment was "High" and "Moderate". For

the threats whose initial assessment was "Low" it was

not necessary to implement actions to avoid and / or

reduce the risk to acceptable levels, however all

actions taken were in the context of improving

procedures. In addition, actions are classified as

"Level A (A) actions" for actions performed

immediately at the onset of the pandemic and as

"Level B (B) actions" for actions performed at a

secondary time during the evolution of the pandemic,

as shown in Table 8 of Appendix.

3.2.4 Risk Acceptance

During the risk acceptance phase for each identified

threat based on the actions taken to avoid and / or

reduce the risk to acceptable levels, the RPN for the

individual threats was recalculated. The recalculation

was performed to ensure that appropriate risk and

operational impact management strategies and

solutions were implemented and that the risk was

reduced to a company-acceptable level, as shown in

Table 5. From Table 5 and the final risk assessment

it is clear that based on the actions taken the overall

risk was mitigated from "High" to "Moderate", i.e., at

levels acceptable by the company.

Table 5: Final risk assessment and acceptance

for each identified threat and operational

impact.

N

o

.

Initial

Parameter

Calculation

R

P

N

(§

S

x

O

x

Initia

l

Risk

Eval

uatio

n

Rispo

nsibl

e

Risk

Acce

ptanc

e

(§S

)

(§O

)

(§

D

)

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

626

Volume 18, 2022

D

)

Disorganization event management

1

Hig

h

(5)

Ave

rag

e

(3)

Hi

gh

(1

)

15

Aver

age

I.

YES

2

Hig

h

(5)

Ave

rag

e

(3)

Hi

gh

(1

)

15

Aver

age

I.

YES

3

Hig

h

(5)

Ave

rag

e

(3)

Hi

gh

(1

)

15

Aver

age

H.R./

Q.A.

YES

Staff management

4

Hig

h

(5)

Hig

h

(5)

Hi

gh

(1

)

25

Aver

age

H&S/

H.R.

YES

5

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

H&S/

H.R.

YES

6

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

H&S/

H.R.

YES

7

Hig

h

(5)

Hig

h

(5)

Hi

gh

(1

)

25

Aver

age

Q.A.

/H&S

/H.R.

YES

8

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

H&S/

H.R.

YES

9

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

H.R.

YES

Remote work and computer security

1

0

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

I.T.

YES

1

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

I.T.

YES

1

2

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

I.T.

YES

1

3

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

I.T.

YES

1

4

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

I.T.

YES

Facilities

1

5

Hig

h

(5)

Ave

rag

e

(3)

Hi

gh

(1

)

15

Aver

age

H.R./

H&S/

P.P.

YES

1

6

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

H.R./

H&S/

Q.A.

YES

1

7

Hig

h

(5)

Ave

rag

e

(3)

Hi

gh

(1

)

15

Aver

age

H.R./

H&S/

Q.C.

YES

1

8

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

H.R./

H&S

YES

1

9

Ave

rag

e

(3)

Ave

rag

e

(3)

Hi

gh

(1

)

9

Aver

age

H.R./

H&S

YES

2

0

Ave

rag

e

(3)

Ave

rag

e

(3)

Hi

gh

(1

)

9

Aver

age

H.R./

H&S

YES

2

1

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

H.R./

H&S

YES

Products and services

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

627

Volume 18, 2022

2

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

P.P./

Q.C./

Q.A.

YES

2

3

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

P.P./

Q.C./

Q.A.

YES

Supply chain management

2

4

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

P.E./

Q.C.

YES

2

5

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Low

P.E./

C.S.

YES

2

6

Hig

h

(5)

Lo

w

(1)

Hi

gh

(1

)

5

Aver

age

P.E.

YES

2

7

Ave

rag

e

(3)

Ave

rag

e

(3)

Hi

gh

(1

)

9

Aver

age

P.E. /

Q.A.

YES

Financial management

2

8

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Aver

age

F.M.

YES

2

9

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

F.M.

YES

3

0

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

F.M.

YES

Social responsibility

3

1

Ave

rag

e

(3)

Lo

w

(1)

Hi

gh

(1

)

3

Low

S.M./

H.R.

YES

3.2.5 Communication and Risk Overview

At each stage of the risk assessment, communication

with important stakeholders (e.g., heads of

departments, company-wide communication,

regulators, customers, and consumers) was

maintained to enable the proper and seamless

execution of appropriate strategies and solutions for

risk reduction. Finally, because the pandemic is a

dynamic phenomenon that continues to exist and

poses a threat to the global population, the

corporation closely watches it and employs every

method and measure available to keep it under

control. As a result of the pandemic's nature, risk

review is a continuing process that requires the

company to periodically re-evaluate the risk

assessment and operational effect in light of global

and national events and the company's commercial

objectives.

3.3 Results Discussion

The company, with its expertise and experience in

implementing the ISO 9001 quality assurance

system, understood the needs of the ISO 22031

management standard for business continuity and

tackled the disorganizing incident using management

system fundamentals. The new High-Level Structure

aided the company in identifying and meeting the two

management standards' shared requirements for:

• the organization's operational structure,

an awareness of stakeholders'

expectations, and compliance with legal

and regulatory requirements. The

specific requirements already defined by

the application of ISO 9001 were

examined in order to incorporate the

needs for business continuity

management.

• the management commitment, which,

aware that one of the most critical

elements of successful management

system implementation is the

management's absolute commitment to

this direction, acted appropriately by

communicating its policy to ensure

business continuity and the necessary

resources to all involved.

• the systematic and expedited

implementation of the business

continuity strategy by identifying,

analyzing, assessing, and addressing

identified dangers and opportunities.

• the study of operational effect and the

design of strategies and solutions

necessary to avoid and/or mitigate risks,

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

628

Volume 18, 2022

but also the necessary changes and

improvements to the existing quality

management system to assure its quality.

product and the health of the patient.

• the performance appraisal, since the

organization incorporated points

regarding the performance of the

business continuity plan's

implementation as inputs into the

already-existing management review

process.

• the company's fundamental policy of

continuous improvement of its systems.

The company used a risk-based strategy to assess

potential hazards, opportunities, and operational

implications related with the COVID-19 pandemic.

The risk assessment is regarded as one of the most

critical, if not the most critical, steps in developing a

business continuity strategy (Păunescu & Argatu,

2020; Torabi et al., 2016). In identifying threats,

opportunities, and impacts, the company applied a

recognized risk management approach and risk

analysis tools to proceed with the identification,

analysis, evaluation, control, and reduction to an

acceptable level. As demonstrated in the case study

analysis, the risk analysis approach has a broad scope

and can be applied to any disorganized event due to

its universal and reliable application (Jamaludin et

al., 2020; Nakat & Bou-Mitri, 2021). The risk

strategy is now the beginning point for organizational

culture change, both in terms of product and service

quality assurance and business continuity.

The Improvement Cycle approach, which is a

fundamental principle of both the ISO 9001: 2015

quality standard and the ISO 22301: 2019 business

continuity standard, was adopted by the company to

implement the design, implementation, and control of

the actions necessary to ensure the company's

operation, as well as to improve the product quality

management system and business continuity.

Along with the risks identified, the company

evaluated the opportunities presented by the COVID-

19 pandemic, including the following:

• Using remote work as a more flexible

and efficient work pattern.

• Using new technologies and improving

existing ones

• Improving the company's cybersecurity

procedures

• Improving employee care. Possibility of

social contribution

• Enhancing client relations

• Boosting the company's reputation and

credibility

• Boosting the quality system

• Enhancing business continuity practices.

• Possibility of ISO 22301 certification.

Taking into account the foregoing and the

requirements of the business continuity management

model, the company established an interdepartmental

Crisis Management Team (CRC) at the start of the

COVID-19 pandemic manifestation. The CRC was

responsible for assessing the risk and operational

impact, including the suspension scenario, but also

for all actions that would be taken during the

pandemic period.

As part of the firm's efforts to avoid and/or mitigate

recognized risks, all employees received training on

COVID-19 symptoms and prevention by e-mail and

SMS from the Human Resources (HR) department,

which was responsible for monitoring any health

issues affecting company personnel. Additionally,

the company has established a telephone medicine

consulting service for COVID-19 with the goal of

giving accurate information and counseling from

healthcare professionals, as well as managing high-

risk populations effectively. Employees were urged

to practice social distance in their regular tasks

through the placement of pertinent educational

posters. All necessary infection protection materials

(basic surgical masks, surface cleaners, disposable

gloves, etc.) and alcohol hand sanitizers have been

distributed throughout the company's facilities,

ensuring that each employee has access. Weekly

disinfection of all facilities was planned and executed

in conjunction with daily cleaning and disinfection of

all offices and public areas. Despite the preventive

maintenance of all air conditioners, the personnel was

asked to avoid using air conditioners and instead

work with open windows (where applicable). The

corporation developed work-from-home policies for

a significant portion of its workforce in order to

reduce the risk of contamination on the company's

facilities. Another mitigation measure implemented

by the organization was a meticulously designed shift

schedule for all employees working in offices and

facilities. To comply with federal requirements about

the spread of COVID-19, the company allowed all

workers to work either full-time from home or on a

flexible schedule while keeping social distance.

Additionally, the corporation conducted additional

recruitments to ensure that sufficient staff were

available in each production unit.

Additionally, the company has implemented

mandatory measures that must be followed on a daily

basis, including:

• the use of a face mask in all premises,

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

629

Volume 18, 2022

• thermal scanning at each entry point for

all employees / visitors entering the

company premises,

• 14 days off work following annual leave,

and a free COVID-19 examination prior

to returning.

Visitors were denied access to all departments of the

corporation, and all business visits inside and outside

of Greece were canceled. Visitors were permitted

only in exceptional circumstances and upon

presentation of a signed "Visitor Identification

Statement" attesting to their responsibility for

previous travels to countries with an increase in

COVID-19 cases or if they had recently contracted

COVID-19. Additionally, all internal and external

meetings are conducted via video conference or

video conferencing. Concerning customer and

authority controls, the company established an

alternative method of remote / virtual control with the

assistance and support of the IT department and the

use of appropriate communication platforms. The

aforementioned actions are consistent with the

practices described in the literature for managing

personnel and potentially product quality during a

pandemic (Jamaludin et al., 2020; Nakat & Bou-

Mitri, 2021; Tuzovic & Kabadayi, 2021), and the

World Health Organization's (WHO) guidelines

(O’Neill, 2020).

The IT department provided the essential equipment

(computers, mobile phones, and VPN access) and

VPN access to the company's remote personnel in

order to assure each user's safe and productive remote

connection. The already-existing IT Support Office

(Helpdesk) provided further support to all remote

employees. The IT department has integrated modern

meeting platforms (MS Teams, Go to Meeting) into

its business processes to facilitate collaboration

between internal and external stakeholders.

Additionally, the IT department hosted online

cybersecurity workshops to safeguard the

organization from cyber threats, mitigate the severity

of attacks, and ensure that business operations

continue to run smoothly. Additionally, policies for

remote work and internet use have been established,

as have measures to defend the organization from

hostile attacks. The aforementioned actions are

consistent with similar practices mentioned in the

literature regarding the actions that must be taken to

ensure the company's information systems and

cybersecurity (Malecki, 2020; Papadopoulos et al.,

2020; Papagiannidis et al., 2020), as well as the WHO

guidelines (O’Neill, 2020).

The supply chain is significantly impacted by the

pandemic, as it is difficult to prevent the virus from

spreading through the flow of commodities.

Numerous practices are described in the supply chain

management literature (El Baz & Ruel, 2021;

Karmaker et al., 2021; Rajesh, 2021; Suresh et al.,

2020), and in these the company contacted all

suppliers to check delivery of all outstanding orders

and to assure the safety of its fundamental raw

material inventory (Active substances, Excipients

and other raw materials). Additionally, the

corporation sought, where possible, early supplies of

raw materials and ensured the availability of

alternative suppliers while considering any additional

expenses associated with transportation, tariffs, and

anticipated price hikes. Contact material and service

providers to explore any ramifications for their work

and how they plan to maintain business continuity

during the COVID-19 pandemic.

The financial management department, with the

cooperation of top management, has implemented a

plan to ensure the company's financial liquidity. To

this end, the company reached an agreement with

local banks for additional lending facilities, financing

a short-term potential increase in the company's

working capital, as a practical demonstration of the

top management's commitment to securing the

necessary resources and ensuring the company's

business continuity and compliance with its

obligations during the pandemic.

As part of its social responsibility activities, the

company has provided free antiseptics to strengthen

health institutions, logistical infrastructure (masks,

gloves, etc.) to local governments, organized blood

donations in accordance with COVID-19

requirements, and supported charities via an online

fundraiser and a virtual marathon.

Finally, the company managed based on its

experience and expertise in evaluating,

implementing, maintaining, documenting, and

maintaining a management system, as well as by

applying the risk management methodology to

respond quickly and efficiently to a disorganizing

event, while taking into account applicable legal and

regulatory requirements and adapting while

maintaining its commitment to continuous

improvement of its products and services.

4 Conclusion

The paper demonstrated the methods used by a

pharmaceutical company to ensure business

continuity during the COVID-19 pandemic. The

theoretical foundation for the risk analysis was

established by comparing and contrasting the

requirements of ISO 9001: 2015 and ISO 22301:

2019. The similarities and variations in the

requirements of management standards ISO 9001:

2015 and ISO 22301: 2019 shown the management

standards' structural requirements are aligned and

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

630

Volume 18, 2022

their executive departments are distinct, owing to the

subject matter they cover. Finally, a specific

emphasis was placed on all aspects of the business

continuity management model that link directly or

indirectly to the risk approach. The theoretical

background analysis was conducted to interpret the

approach and methodology used by a pharmaceutical

company during the COVID-19 pandemic to ensure

business continuity by adhering to quality

management and business continuity, risk

management standards, as well as its know-how and

structured approach to problem solving.

Additionally, the study's objective was to emphasize

the critical nature of harmonizing the requirements of

various management standards in order to make it

easier for firms to develop and operate an integrated

management system. In this regard, a future study

might focus on further developing the method of

harmonizing the various management standards, as

well as on the risk and operational impact of other

disorganizing occurrences. Finally, given the

pandemic's unique characteristics and the fact that

many of the measures taken to manage this health

crisis are heavily reliant on the human factor and

individual accountability, it is concluded that the

pharmaceutical company studied successfully

developed an effective action plan in order to

mitigate identified risks to acceptable levels,

maintain business continuity, and ensure the

product's quality.

References:

[1] Abou-El-Enein, M., Römhild, A., Kaiser, D.,

Beier, C., Bauer, G., Volk, H.-D., & Reinke, P.

(2013). Good Manufacturing Practices (GMP)

manufacturing of advanced therapy medicinal

products: a novel tailored model for optimizing

performance and estimating costs. Cytotherapy,

15(3), 362–383.

https://doi.org/10.1016/j.jcyt.2012.09.006

[2] Djalante, R., Shaw, R., & DeWit, A. (2020).

Building resilience against biological hazards

and pandemics: COVID-19 and its implications

for the Sendai Framework. Progress in Disaster

Science, 6, 100080.

https://doi.org/10.1016/j.pdisas.2020.100080

[3] Donthu, N., & Gustafsson, A. (2020). Effects of

COVID-19 on business and research. Journal of

Business Research, 117, 284–289.

https://doi.org/10.1016/j.jbusres.2020.06.008

[4] El Baz, J., & Ruel, S. (2021). Can supply chain

risk management practices mitigate the

disruption impacts on supply chains’ resilience

and robustness? Evidence from an empirical

survey in a COVID-19 outbreak era.

International Journal of Production Economics,

233, 107972.

https://doi.org/10.1016/j.ijpe.2020.107972

[5] Huremović, D. (2019). Brief History of

Pandemics (Pandemics Throughout History). In

Psychiatry of Pandemics (pp. 7–35). Springer

International Publishing.

https://doi.org/10.1007/978-3-030-15346-5_2

[6] Ioannidis, J. P. A. (2021). Infection fatality rate

of COVID-19 inferred from seroprevalence

data. Bulletin of the World Health Organization,

99(1), 19-33F.

https://doi.org/10.2471/BLT.20.265892

[7] Jamaludin, S., Azmir, N. A., Mohamad Ayob,

A. F., & Zainal, N. (2020). COVID-19 exit

strategy: Transitioning towards a new normal.

Annals of Medicine and Surgery, 59, 165–170.

https://doi.org/10.1016/j.amsu.2020.09.046

[8] Jebril, N. (2020). World Health Organization

Declared a Pandemic Public Health Menace: A

Systematic Review of the Coronavirus Disease

2019 “COVID-19.” SSRN Electronic Journal.

https://doi.org/10.2139/ssrn.3566298

[9] Karmaker, C. L., Ahmed, T., Ahmed, S., Ali, S.

M., Moktadir, M. A., & Kabir, G. (2021).

Improving supply chain sustainability in the

context of COVID-19 pandemic in an emerging

economy: Exploring drivers using an integrated

model. Sustainable Production and

Consumption, 26, 411–427.

https://doi.org/10.1016/j.spc.2020.09.019

[10] Larsen, J. R., Martin, M. R., Martin, J. D., Kuhn,

P., & Hicks, J. B. (2020). Modeling the Onset of

Symptoms of COVID-19. Frontiers in Public

Health, 8.

https://doi.org/10.3389/fpubh.2020.00473

[11] Leite, H., Hodgkinson, I. R., & Gruber, T.

(2020). New development: ‘Healing at a

distance’—telemedicine and COVID-19. Public

Money & Management, 40(6), 483–485.

https://doi.org/10.1080/09540962.2020.174885

5

[12] Malecki, F. (2020). Overcoming the security

risks of remote working. Computer Fraud &

Security, 2020(7), 10–12.

https://doi.org/10.1016/S1361-3723(20)30074-

9

[13] Nakat, Z., & Bou-Mitri, C. (2021). COVID-19

and the food industry: Readiness assessment.

Food Control, 121, 107661.

https://doi.org/10.1016/j.foodcont.2020.107661

[14] O’Neill, R. (2020). WHO Knew. How the

World Health Organization (WHO) Became a

Dangerous Interloper on Workplace Health and

Safety and COVID-19. NEW SOLUTIONS: A

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

631

Volume 18, 2022

Journal of Environmental and Occupational

Health Policy, 30(3), 237–248.

https://doi.org/10.1177/1048291120961337

[15] Papadopoulos, T., Baltas, K. N., & Balta, M. E.

(2020). The use of digital technologies by small

and medium enterprises during COVID-19:

Implications for theory and practice.

International Journal of Information

Management, 55, 102192.

https://doi.org/10.1016/j.ijinfomgt.2020.10219

2

[16] Papagiannidis, S., Harris, J., & Morton, D.

(2020). WHO led the digital transformation of

your company? A reflection of IT related

challenges during the pandemic. International

Journal of Information Management, 55,

102166.

https://doi.org/10.1016/j.ijinfomgt.2020.10216

6

[17] Păunescu, C., & Argatu, R. (2020). CRITICAL

FUNCTIONS IN ENSURING EFFECTIVE

BUSINESS CONTINUITY MANAGEMENT.

EVIDENCE FROM ROMANIAN

COMPANIES. Journal of Business Economics

and Management, 21(2), 497–520.

https://doi.org/10.3846/jbem.2020.12205

[18] Rajesh, R. (2021). Flexible business strategies to

enhance resilience in manufacturing supply

chains: An empirical study. Journal of

Manufacturing Systems, 60, 903–919.

https://doi.org/10.1016/j.jmsy.2020.10.010

[19] Sahebjamnia, N., Torabi, S. A., & Mansouri, S.

A. (2015). Integrated business continuity and

disaster recovery planning: Towards

organizational resilience. European Journal of

Operational Research, 242(1), 261–273.

https://doi.org/10.1016/j.ejor.2014.09.055

[20] Suresh, N., Sanders, G. L., & Braunscheidel, M.

J. (2020). Business Continuity Management for

Supply Chains Facing Catastrophic Events.

IEEE Engineering Management Review, 48(3),

129–138.

https://doi.org/10.1109/EMR.2020.3005506

[21] Torabi, S. A., Giahi, R., & Sahebjamnia, N.

(2016). An enhanced risk assessment framework

for business continuity management systems.

Safety Science, 89, 201–218.

https://doi.org/10.1016/j.ssci.2016.06.015

[22] Tuzovic, S., & Kabadayi, S. (2021). The

influence of social distancing on employee well-

being: a conceptual framework and research

agenda. Journal of Service Management, 32(2),

145–160. https://doi.org/10.1108/JOSM-05-

2020-0140

Appendix

Table 6: Comparison of the Structure of ISO

22301: 2019 & ISO 9001: 2015

ISO 22301:2019

ISO 9001:2015

1

Objectives

1

Objectives

2

Standard

References

2

Standard

References

3

Terms and

Definitions of

Concepts

3

Terms and

Definitions of

Concepts

4

Operating

Framework of

the Organization

4

Operating

Framework of

the Organization

4.1

Understanding of

the Organization

and its operating

framework

4.1

Understanding of

the Organization

and its operating

framework

4.2

Understanding the

needs and

expectations of

stakeholders

4.2

Understanding the

needs and

expectations of

stakeholders

4.2.1

General

~

4.2.2

Legal and

regulatory

requirements

~

4.3

Defining the

scope of the

business

continuity

management

system

4.3

Defining the

scope of the

quality

management

system

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

632

Volume 18, 2022

ISO 22301:2019

ISO 9001:2015

4.3.1

General

~

4.3.2

Scope of the

business

continuity

management

system

~

4.4

Business

continuity

management

system

4.4

Quality

management

system and its

processes

5

Leadership

5

Leadership

5.1

Leadership and

commitment

5.1

Leadership and

commitment

5.1.1

General

5.1.2

Customer focus

5.2

Policy

5.2

Policy

5.2.1

Establishment of

business

continuity policy

5.2.1

Establishing

quality policy

5.2.2

Disclosure of

business

continuity policy

5.2.2

Communication

of quality policy

5.3

Roles,

responsibilities

and jurisdictions

5.3

Roles,

responsibilities

and

responsibilities

within the

Organization

ISO 22301:2019

ISO 9001:2015

6

Planning and

programming

6

Planning and

programming

6.1

Threats and

opportunities

6.1

Threats and

opportunities

6.1.1

Identify threats

and opportunities

~

6.1.2

Dealing with

threats and seizing

opportunities

~

6.2

Business

continuity goals

and planning and

planning to

achieve them

6.2

Quality goals and

design to achieve

them

6.2.1

Establish business

continuity goals

~

6.2.2

Defining business

continuity goals

~

6.3

Planning and

scheduling

changes in the

business

continuity

management

system

6.3

Change planning

7

Support

7

Support

7.1

Resources

7.1

Resources

~

7.1.1

General

~

7.1.2

Staff

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

633

Volume 18, 2022

ISO 22301:2019

ISO 9001:2015

~

7.1.3

Infrastructure

~

7.1.4

Environment for

the operation of

processes

~

7.1.5

Monitoring and

measurement

resources

~

7.1.6

Business

knowledge

7.2

Professional

competence

7.2

Professional

competence

7.3

Awareness

7.3

Awareness

7.4

Contact

7.4

Contact

7.5

Documented

information

7.5

Documented

information

7.5.1

Generally

7.5.1

General

7.5.2

Create and update

7.5.2

Create and update

7.5.3

Verification of

documented

information

7.5.3

Verification of

documented

information

8

Operation

8

Operation

8.1

Design and

operation control

8.1

Design, operation

and control of

processes

ISO 22301:2019

ISO 9001:2015

8.2

Business Impact

Analysis and Risk

Assessment

8.2

Requirements for

products and

services

8.2.1

General

8.2.1

Communication

with the

customers

8.2.2

Business Impact

Analysis

8.2.2

Determining the

requirements for

products and

services

8.2.3

Risk assessment

8.2.3

Review of

product and

service

requirements

~

8.2.4

Changes in

product and

service

requirements

8.3

Business

continuity

strategies and

solutions

8.3

Design and

development of

products and

services

8.3.1

General

8.3.1

General

8.3.2

Identification of

strategies and

solutions

8.3.2

Elaboration of a

plan for design

and development

8.3.3

Selection of

strategies and

solutions

8.3.3

Inbound design

and development

8.3.4

Resource

requirements

8.3.4

Design and

development

control

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

634

Volume 18, 2022

ISO 22301:2019

ISO 9001:2015

8.3.5

Implementation of

solutions

8.3.5

Design and

development

results

~

8.3.6

Changes in design

and development

8.4

Business

continuity plans

and procedures

8.4

Control of

processes,

products and

services provided

by external parties

8.4.1

General

8.4.1

General

8.4.2

Response

structure

8.4.2

Type and scope of

control

8.4.3

Warning and

communication

8.4.3

Information

disclosed to

external providers

8.4.4

Business

continuity plans

~

8.4.5

Recovery or

reorganization

~

8.5

Pilot exercise

program

8.5

Production of

products and

provision of

services

~

8.5.1

Control of

production of

products and

provision of

services

~

8.5.2

Identification and

traceability

ISO 22301:2019

ISO 9001:2015

~

8.5.3

Property owned

by customers or

external providers

~

8.5.4

Preservation

~

8.5.5

Activities after

delivery

~

8.5.6

Change control

8.6

Assessment of

documentation

and capabilities of

business

continuity

8.6

Release of

products and

services

~

8.7

Control of non-

compliant results

9

Performance

evaluation

9

Performance

evaluation

9.1

Monitoring,

measurement,

analysis and

evaluation

9.1

Monitoring,

measurement,

analysis and

evaluation

~

9.1.1

General

~

9.1.2

Customer

satisfaction

~

9.1.3

Analysis and

evaluation

9.2

Internal

inspection

9.2

Internal

inspection

9.2.1

General

~

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

635

Volume 18, 2022

ISO 22301:2019

ISO 9001:2015

9.2.2

Schedule (s) of

inspection

~

9.3

Management

review

9.3

Management

review

9.3.1

General

9.3.1

General

9.3.2

Inbox review by

Management

9.3.2

Inbox review by

Management

9.3.3

Management

results from the

Management

9.3.3

Management

results from the

Management

10

Improvement

10

Improvement

10.1

Non-compliance

and corrective

actions

10.1

General

10.2

Continuous

improvement

10.2

Non-compliance

and corrective

actions

~

10.3

Continuous

improvement

Table 7: Sections of ISO 9001: 2015 and ISO 22301:

2019 and their Correspondence to the Improvement

Cycle

Improvement

Cycle

Παράγραφος

ISO 9001:2015

Παράγραφος

ISO 22301:2019

Section 1 -

Subject matter

Section 1 -

Subject matter

Section 2 -

Standard

Reference

Section 2 -

Standard

Reference

Section 3 -

Terms and

Definitions of

Concepts

Section 3 -

Terms and

Definitions of

Concepts

Plan

Section 4 -

Operating

Framework of

the Organization

Section 5 -

Leadership

Section 6 - Plan

Section 4 -

Operating

Framework of

the Organization

Section 5 -

Leadership

Section 6 – Plan

& Programming

Execute

Section 7 -

Support

Section 8 -

Operation

Section 7 -

Support

Section 8 -

Operation

Control

Section 9 -

Performance

Evaluation

Section 9 -

Performance

Evaluation

Improve

Section 10 -

Improvement

Section 10 -

Improvement

Table 8: Actions to avoid and / or reduce the

risk for each identified threat and to classify

them as "Level A- (A)" or "Level B- (B)"

actions.

No.

Actions to avoid and / or reduce the risk

Disorganization event management

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

636

Volume 18, 2022

No.

Actions to avoid and / or reduce the risk

1

 Recommendation Crisis Management and

Replacement Team- (A)

 Human Resources Management- (A)

 Health and personal hygiene - (A)

 Supplier Management- (B)

 Inventory Management- (Α)

 Customer Support- (B)

 Remote work- (Α)

 Irt Virtual audit support - (Β)

 Activation of internal procedures- (A)

 Cleaning and disinfection of facilities- (A)

 Infection control- (A)

 Human Resources Department

Announcements (A)

 Frequent updates through the employees

corner (Website employees corner) - (Β)

 Weekly management communication with

employees- (Β)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

2

 Recommendation Crisis Management and

Replacement Team - (A)

 Review of the effectiveness of the

management of the disorganizing event

during the process of the Review by the

Management. - (Β)

 Implementation of internal procedures for

dealing with a disorganizing event and

maintaining business continuity- (A)

 Implementation of internal procedures in

order to ensure the quality of the product and

the health of the patient- (A)

3

 Ongoing information on current legal and

regulatory requirements - (A)

 Appointment of staff to monitor legal and

regulatory requirements- (A)

Staff management

4

 Providing free medical advice by phone- (A)

 Encouragement to reduce unnecessary travel-

(A)

 Encouraging social distancing - (A)

No.

Actions to avoid and / or reduce the risk

 Remote work based on staff rolling schedule-

(A)

 Special care for vulnerable groups (e.g.,

teleworking, special purpose licenses without

loss of income, free laboratory tests) - (Α)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (E.g., masks, gloves, robes,

70% ethanol etc.) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

 Guest Identification Statement- (B)

 Human Resources Department

Announcements (A)

 Frequent updates through the employees’

corner (Website employees’ corner) - (Β)

 Weekly management communication with

employees- (Β)

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

5

 Promotion of new recruitments- (Β)

 Remote work based on staff rolling schedule-

(A)

6

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

637

Volume 18, 2022

No.

Actions to avoid and / or reduce the risk

 Check body temperature before entering the

facility- (Β)

7

 Guest Identification Statement- (B)

 Encouraging social distancing - (A)

 Provided logistics (E.g., masks, gloves, robes,

70% ethanol etc.) - (Α)

 Prerequisite negative laboratory test COVID-

19- (A)

 Check body temperature before entering the

facility- (Β)

8

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (E.g., masks, gloves, robes,

70% ethanol etc.) - (Α)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

 Check body temperature before entering the

facility- (Β)

9

 Posting of announcements of human

resources department in common areas- (Α)

 Sending newsletters via email and SMS- (Α)

 Information of the staff by the supervisors-

(Α)

 Frequent updates through the employees

corner (Website employees corner) - (Β)

 Weekly management communication with

employees- (Β)

Remote work and computer security

10

 Settlement with IT equipment suppliers- (A)

 Needs assessment in IT and technology

products- (A)

 Placement of required orders- (Α)

 Additional funding for IT procurement - (A)

 Acceleration of relevant implementation

processes (Fast track) - (Α)

11

 IT Infrastructure- (A)

 Online cyber security training for staff- (B)

 Continuous IT support- (A)

No.

Actions to avoid and / or reduce the risk

 Remote access via VPN-

 Implementing a remote work policy - (B)

 Implement internet usage policy- (B)

 Integration of meeting platforms- (A)

 Daily or weekly department meetings- (Β)

12

 IT infrastructure- (DA)

 Online cyber security training for staff- (B)

 Continuous IT support- (A)

 Remote access via VPN-

 Implementing a remote work policy - (B)

 Implement internet usage policy- (B)

13

 Maintenance of IT infrastructure- (A)

 Online cyber security training for staff- (B)

 Continuous IT support- (A)

 Implementing Remote Labor Policy (B)

 Implement internet usage policy- (B)

14

 IT infrastructure- (A)

 Online cyber security training for staff- (B)

 Continuous IT support- (A)

 Remote access via VPN-

 Implementing a remote work policy - (B)

 Implement internet usage policy- (B)

Facilities

15

 Application of internal cleaning and

disinfection procedures of the premises- (A)

 Retraining of staff in the procedures of

cleaning and disinfection of premises - (A)

 Training of staff in matters of personal

hygiene- (A)

 Retraining of staff in clothing processes to

production rooms- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

 Guest Identification Statement- (B)

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

638

Volume 18, 2022

No.

Actions to avoid and / or reduce the risk

 Frequent cleaning and disinfection of

facilities according to the internal cleaning

and disinfection procedures- (Α)

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

16

 Remote work based on staff rolling schedule-

(A)

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

 Frequent cleaning and disinfection of

facilities by external services, in addition to

the production areas

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

17

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

 Frequent cleaning and disinfection of

facilities by external services- (A)

No.

Actions to avoid and / or reduce the risk

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

18

 Training of staff in personal hygiene issues-

(A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

19

 Suspension of the visit by external partners

for unnecessary reasons- (A)

 Guest Identification Statement- (B)

 Determination of the maximum allowed

number of employees per workplace, in

accordance with the existing provisions of the

state- (Β)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Integration of meeting platforms- (A)

 Remote / virtual control procedure (remote

audit) - (Α)

 Prerequisite is the negative laboratory test

COVID-19- (A)

 Check body temperature before entering the

facility- (Β)

 Visitors are allowed only in special cases and

only after providing the signed "Visitor

Identification Statement" - (Β)

20

 Training of external collaborators in matters

of personal hygiene- (B)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (DA)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Visitors are allowed only in special cases and

only after providing the signed "Visitor

Identification Statement" - (Β)

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

639

Volume 18, 2022

No.

Actions to avoid and / or reduce the risk

 Frequent cleaning and disinfection of

facilities by external services, in addition to

the production areas

 Check body temperature before entering the

facility- (Β)

21

 Remote work- (Α)

 Modified shifts- (Α)

 Staff encouragement (A)

 Training of staff in matters of personal

hygiene- (A)

 Posting of personal hygiene and health care

instructions in conspicuous places inside the

premises- (Α)

 Encouraging social distancing - (A)

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 Coverage of travel expenses of employees to

and from work for the purpose of individual

movement of staff- (Β)

 Visitors are allowed only in special cases and

only after providing the signed "Visitor

Identification Statement" - (Β)

 Remote / virtual control procedure (remote

audit) - (Α)

 Frequent cleaning and disinfection of

facilities by external services- (A)

 No air recirculation in all areas of the

installation- (Α)

 Check body temperature before entering the

facility- (Β)

 Free laboratory tests for COVID-19 in staff at

a predetermined frequency- (B)

Products and services

22

 Personnel Management- (Α)

 Production of products according to GMP-

(A)

 Implementation and strengthening of the

quality assurance system- (A)

 Application of internal cleaning and

disinfection procedures of production areas-

(A)

 Retraining of staff in the procedures of

cleaning and disinfection of premises - (A)

 Training of staff in the clothing processes to

the production rooms- (A)

 Retraining of staff in clothing processes to

production rooms- (A)

23

No.

Actions to avoid and / or reduce the risk

 Provided logistics (Eg masks, gloves, robes,

70% ethanol etc) - (Α)

 No air recirculation in the production areas-

(A)

 Frequent cleaning and disinfection of

facilities by external services, outside the

production areas- (A)

 Quality control of products during their

production and in the final product- (A)

 Implementation of internal divergence

reporting procedures - (A)

 Implementation of internal product recall

procedures, if necessary- (B)

Supply chain management

24

 Precautionary supply chain management with

inventory management of raw materials,

excipients, packaging materials and

consumables- (Β)

 Timely communication with suppliers- (A)

 Availability of stocks to support demand- (A)

 Proper stock management- (A)

 Hierarchy of orders- (Α)

 Advance Deliveries - (A)

 Alternative suppliers- (Β)

 Review of management procedures and

requirements by suppliers- (B)

25

 Organization of orders in consultation with

customers- (Α)

 Informing the customers about the operations

to ensure business continuity- (A)

 Preventive supply chain management with

inventory management of raw materials,

excipients, packaging materials and

consumables- (Β)

 Timely communication with suppliers- (A)

 Availability of stocks to support demand- (A)

 Proper stock management- (A)

 Hierarchy of orders- (Α)

 Advance Deliveries - (A)

 Alternative suppliers- (Β)

 Review of management procedures and

requirements by suppliers- (B)

26

 Timely communication with transport

companies to ensure the continuity of their

operations, eg strengthening their fleet- (A)

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

640

Volume 18, 2022

No.

Actions to avoid and / or reduce the risk

 Maintaining priority for the company's

missions- (A)

 Update of contracts with transport

companies- (Β)

 Alternative transport companies- (Β)

 Use of proprietary means for the transport of

products, where possible- (Β)

27

 Timely communication with transport

companies to ensure the continuity of their

operations, eg strengthening their fleet- (A)

 Maintaining priority for the company's

missions- (A)

 Update of contracts with transport

companies- (Β)

 Alternative transport companies- (Β)

 Use of proprietary means for the transport of

products, where possible- (Β)

 Immediate communication with customers in

case of delays- (A)

 Transport of products by means of which they

maintain specific environmental conditions-

(A)

 Review of product stability studies- (A)

 Monitoring of transport conditions

(temperature, humidity) using a logger- (A)

Financial management

28

 Actions to strengthen the financial position of

the company by securing additional financial

facilities- (A)

29

 Commitment of the top management to

ensure the continued fulfillment of its

financial obligations to staff and other

stakeholders- (PS)

30

 Commitment of the top management to

ensure the necessary infrastructure in both

logistics and personnel- (A)

Social responsibility

31

 Free production of antiseptics to enhance state

needs- (A)

 Provision of logistical infrastructure (masks,

gloves, etc.) to local authorities- (Β)

 Organization of blood donations in

compliance with the measures for COVID-

19- (Β)

No.

Actions to avoid and / or reduce the risk

 Supporting charities through online

fundraising and virtual marathon- (B)

Contribution of individual authors to

the creation of a scientific article

(ghostwriting policy)

Georgios Chatzistelios carried out:

Conceptualization, Methodology Development &

Project Administration.

Evripidis P. Kechagias carried out:

Writing – Original Draft, Editing and Formal

Analysis.

Sotiris P. Gayialis carried out:

Review & Model Formulation.

Georgios A. Papadopoulos carried out:

Validation & Supervision.

Nikos Spyridonakos carried out:

Writing – Original Draft & Validation.

Creative Commons Attribution

License 4.0 (Attribution 4.0

International , CC BY 4.0)

This article is published under the terms of the

Creative Commons Attribution License 4.0

https://creativecommons.org/licenses/by/4.0/deed.en

_US

WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT

DOI: 10.37394/232015.2022.18.60

G. Chatzistelios, E. P. Kechagias,

S. P. Gayialis, G. A. Papadopoulos,

N. E. Spyridonakos

E-ISSN: 2224-3496

641

Volume 18, 2022