See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/360977425

Business Continuity During the COVID-19 Pandemic Era: Surviving and

Improving the Quality Process Management System

Article in WSEAS TRANSACTIONS ON ENVIRONMENT AND DEVELOPMENT · May 2022

DOI: 10.37394/232015.2022.18.60

CITATIONS READS

2 818

5 authors, including:

Georgios Chatzistelios Evripidis P. Kechagias

National Technical University of Athens National Technical University of Athens
22 PUBLICATIONS 122 CITATIONS 43 PUBLICATIONS 686 CITATIONS

SEE PROFILE SEE PROFILE

Sotiris P. Gayialis Georgios A. Papadopoulos

National Technical University of Athens National Technical University of Athens
94 PUBLICATIONS 1,433 CITATIONS 47 PUBLICATIONS 501 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Evripidis P. Kechagias on 08 June 2022.

The user has requested enhancement of the downloaded file.

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

Business Continuity During the COVID-19 Pandemic Era: Surviving

and Improving the Quality Process Management System
G. CHATZISTELIOS1, E. P. KECHAGIAS2*, S.P. GAYIALIS3, G.A. PAPADOPOULOS4,
N.E. SPYRIDONAKOS5
1,2,3,4
School of Mechanical Engineering, National Technical University of Athens,
9 Iroon Polytechniou str, Zografou, GREECE
5
Postgraduate Program on Quality Management and Technology, Hellenic Open University,
18 Parodos Aristotelous str, Perivola, Patra, GREECE

Abstract: Worldwide health and the global economy have been heavily damaged by the COVID-19 pandemic,
with business continuity being the primary issue of every company operating in the health industry. A critical
instrument for enterprises' survival is the establishment of a business continuity management system that enables
them to manage risks, discover opportunities created by the pandemic, and secure their continuity. The purpose
of this paper is to examine how a pharmaceutical firm may ensure business continuity by adopting ISO
22301:2019 in parallel with the existing ISO 9001:2015 quality standard, as well as the similarities and
differences between the two management standards. According to the results, the pharmaceutical company,
whose case was studied, managed to create an effective action plan in order to mitigate at an acceptable level the
identified risks, to maintain its business continuity and to ensure the quality of the product and the health of the
patients and its employees.

Key-Words: Business Continuity; Quality; Business Process Management; System; ISO; COVID

Received: May 22, 2021. Revised: April 11, 2022. Accepted: May 9, 2022. Published: May 31, 2022.

1 Introduction To halt the pandemic's global spread, country

Pandemics are a natural occurrence throughout leaders have proposed universal or individual
history, and the question is not whether one will measures such as blockades, curfews, social
occur, but when one will (Huremović, 2019). The isolation, and forced stay at home, all of which might
worldwide community faced a pandemic similar to have a catastrophic impact on a global business level
those that occur every ten to fifty years owing to viral (Donthu & Gustafsson, 2020; Leite et al., 2020). The
mutations in the early years of 2020, the COVID-19 COVID-19 pandemic has forced the closure of
pandemic (Djalante et al., 2020). COVID-19 sickness numerous businesses, causing enormous disruptions
began spreading in China in December 2019 and was in various industries. Most businesses worldwide are
declared a pandemic by the World Health currently struggling to stay afloat, owing to
Organization (WHO) on March 11, 2020, due to the dwindling sales and rising levels of uncertainty about
disease's rapid expansion in the majority of the the future. Therefore, it is critical for businesses to
world's countries (Jebril, 2020). Coronavirus disease conduct a thorough evaluation of their business
is caused by the SARS-CoV-2 virus, which causes a strategy in order to ensure business continuity
respiratory infection and is spread from person to (Donthu & Gustafsson, 2020).
person via the respiratory tract or by touch if proper Businesses' continued operation in the face of
hand hygiene is not practiced. Fever, dry cough, and serious health crises, such as the COVID-19
discharge are the primary symptoms, which typically pandemic, has prompted them to design and
last between two and fourteen days (Larsen et al., implement customized Business Continuity
2020). The virus's rapid spread, the resulting Management Systems (BCMS) based on
complications in patients' health, and the disease's management standards, not only to deal with current
high mortality rate have compelled the world events, but also to deal with future ones (Torabi et al.,
community to take fast action to safeguard human 2016). With the development and implementation of
lives and, secondarily, the economy (Ioannidis, a BCMS, which can also be referred to as a risk
2021). management system, businesses gain an efficient and
effective tool for dealing with any catastrophic event

E-ISSN: 2224-3496 617 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

that could have an irreversible impact on them quality standard, which clearly reflected the new
(Sahebjamnia et al., 2015), for increasing their methodology in its revised 2015 edition. The
operational resilience, but also for identifying comparison of ISO 22301 and ISO 9001, as shown in
potential opportunities (Torabi et al., 2016). A critical Table 6 at the Appendix, demonstrates the new
component of implementing an effective SDR is structure's implementation in both standards. Also, a
identifying, analyzing, evaluating, and responding to key common point in the structure of the standards is
risks that may influence the business, as well as that they should follow the Improvement Cycle, as
recognizing any opportunities that may develop shown in Table 7 at the Appendix, having the same
(Torabi et al., 2016). basic structure with some common requirements and
In the remining of the paper, the most significant ISO differences depending on the subject matter.
standards, ISO 9001: 2015 and ISO 22301: 2019, Comparing the requirements of the two standards for
related to risk management and business continuity the main sections (§4) to (§10) we can observe the
will be discussed and compared. ISO 9001: 2015 following similarities and differences.
"Quality Management Systems-Requirements," is
studied given that risk management is a critical 2.1 Section 4: The Organization’s
component of the structure of the revised Operational Framework
management standards and that the primary objective As illustrated in Table 6 at the Appendix, both
of businesses is to produce and offer high-quality standards adhere to the same structure in terms of the
products to their customers while taking individual organization's operating framework, adjusting their
risks into account. ISO 22301: 2019 "Security and criteria according to the subject matter. ISO 22301:
Emergency Recovery-Business Continuity 2019 specifies in sub-section (§4.1) the identification
Management Systems-Requirements," is studied to of external and internal BCMS issues, the
assist businesses on the difficult path to survival comprehension of stakeholders' needs, expectations,
based on the requirement for an immediate response and requirements (§4.2), and the legal and regulatory
to the COVID-19 pandemic of business operations, requirements by separating them into a separate sub-
as well as the requirement for immediate and paragraph (§4.2.2), which does not exist in ISO 9001.
unrestricted access to information. Sub-section (§4.3) discusses establishing the scope of
After discussing the standards ISO 9001: 2015 the BCMS by defining its limits and application and
and ISO 22301: 2019, as well as their similarities, concludes with the requirement for introducing,
common points, and differences, the paper will implementing, maintaining, and continuously
examine how applying management standards and improving BCMS (§4.4). In comparison, ISO 9001:
risk analysis tools can ensure a pharmaceutical 2015 refers in sub-section (§4.1) to the identification
company's business continuity by adopting ISO of external and internal Quality Management System
22301: 2019 in parallel with the existing quality QMS parameters, to the comprehension of
standard ISO 9000. The paper will also present the stakeholders' demands, expectations, and
results of an analysis of the effectiveness of requirements, as well as to applicable legislation and
management standards in sustaining a regulatory requirements (§4.2). Sub-section (§4.3)
pharmaceutical business's operations and viability also refers to the definition of the QMS's scope,
during a pandemic, as well as the level of taking into account the limits and application of the
preparedness of a company that already uses quality QMS. ISO 9001: 2015 sub-section (§4.3) goes into
systems. Finally, a summary of the structure of the further depth about the establishment,
current work will be presented, together with the implementation, maintenance, and continuous
most significant themes that were addressed, forming development of QMS and makes specific reference
the conclusions section. to QMS processes, which is not the case in ISO
22301: 2019. Finally, both standards emphasize the
2 ISO 22301:2019 vs ISO 9001:2015 importance of having recorded information to
The International Organization for Standardization's support the operation of the BCMS (§4.3.1) or QMS
(ISO) initiative to harmonize management standards (§4.4.1).
by establishing the "New High-Level Structure" to
assist enterprises in simultaneously adopting many 2.2 Section 5: Leadership
management systems is now a given. The ISO 22301 ISO 22301: 2019 sub-section (§5.1) refers to the
management standard was structured according to management's responsibility to take a leading role in
this innovative method from the start, which was demonstrating its commitment to the BCMS by
enhanced in the revised edition of 2019. The same ensuring all aspects of its successful implementation,
was true with the modification of the ISO 9001 including the establishment of an appropriate

E-ISSN: 2224-3496 618 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

business continuity policy for the organization importance of maintaining current information on
(§5.2.1), communication within the organization but business continuity and quality targets (§6.2.1).
also with stakeholders as needed (§5.2.2), and finally,
ensuring that roles, responsibilities, and 2.4 Section 7: Support
responsibilities are sufficient. In comparison to ISO ISO 22301: 2019 and ISO 9001: 2015 section (§7)
9001: 2015, the sub-section (§5.1) is further analyzed both relate to the support required for the BCMS and
in the sub-sections (§5.1.1), which refer to the QMS to be implemented successfully. More
management's responsibility to play a leading role in precisely, in sub-section (§7.1) of ISO 22301: 2019,
demonstrating its commitment to the QMS by reference is made to the resources required for
ensuring all aspects of its successful implementation establishment, implementation, maintenance,
with reference to the process approach and the risk updating, and continuous improvement, without
approach, and (§5.1.2), which refers to the going into greater detail, in contrast to ISO 9001:
management's responsibility to play a leading role in 2015, which analyzes the requirements for internal
demonstrating its commitment to the QMS by and external resources (§7.1.1), personnel (§7.1.2),
ensuring all aspects of its Due to the fact that ISO infrastructure (§7.1.3), and the environment in which
22301: 2019 deals with a different subject area, there processes operate (§7.1.4), resources for monitoring
are no references to the process approach, risk and measuring compliance with requirements for
approach, or customer focus. Additionally, ISO products and services (§7.1.5), resources for tracing
22301: 2019 refers to management's responsibility to measurements (§7.1.5.2), and the essential
ensure that roles, responsibilities, and responsibilities operational expertise for operating processes and
are appropriately defined and accessible throughout achieving product and service conformity (§7.1.6).
the organization in sub-section (§5.3). Finally, both The following sections of the two standards outline a
standards make reference to sub-section (§5.2.2), common structure and requirements for staff
which states that a quality policy or company policy professional competence (§7.2), staff awareness of
must exist as proven information. the organization's policies and objectives (§7.3), and
the requirements for internal and external
2.3 Section 6: Programming and Planning communication (§7.4), all of which are adaptable to
ISO 22301:2019 and ISO 9001:2015 section (§6) the needs of each management system. Finally, both
both pertain to the design and programming of standards make reference to the requirement for
BCMS and QMS. ISO 22301: 2019 specifies the substantiated information to exist (§7.5), to be
requirements for defining (§6.1.1) and addressing created and updated (§7.5.2), and to be verified
threats and seizing opportunities (§6.1.2), (§7.5.3), with a particular emphasis on the
emphasizing that threats and opportunities are related identification and verification of substantiated
to the efficacy of the system. The risk associated with externally generated information.
a disorganizing incident is mentioned in section (§8);
this is a note that is absent from ISO 9001: 2015. 2.5 Section 8: Operation
Additionally, sub-sections (§6.2.1) and (§6.2.2) ISO 22301: 2019 section (§8) and ISO 9001: 2015
examine the establishment and characterization of both refer to the standards for the organization's
business continuity objectives. Finally, there is the operation. Due to the fact that each management
addition of a new sub-section (§6.3), which did not model has a distinct subject matter, the requirements
exist in the previous (§2012) version, which specifies for this part and its structure are entirely unique, with
the requirements for managing changes in the no commonality between the two standards. ISO
planning and scheduling of the SDES in accordance 22301: 2019 sub-section (§8.1) details the
with ISO 9001: 2015 section (§6.3). In comparison to requirements for planning and controlling the
ISO 9001: 2015, sub-section (§6.1) defines the operation of processes, with specific reference to sub-
requirements for identifying (§6.1.1) and managing section (§6.1), as well as the actions for addressing
threats and seizing opportunities (§6.1.2), describing dangers and capitalizing on opportunities. Sub-
in greater detail what should be included in the risk section (§8.2) discusses the requirements for
management choices, which is not the case with ISO operational effect analysis and risk assessment in
22301: 2019. Additionally, it refers to the relation to ISO 31000, which is a common
formulation and defining of quality targets, which are denominator for both standards. Sub-section (§8.3.2)
discussed in sub-sections (§6.2.1) and (§6.2.2). details the requirements for the definition of business
Finally, sub-section (§6.3) specifies the procedures continuity strategies and solutions, while sub-section
for handling modifications to the QMS’s design and (§8.3.3) details the requirements for the selection of
planning. Finally, both standards emphasize the business continuity strategies and solutions, as well

E-ISSN: 2224-3496 619 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

as the resource requirements (§8.3.4) for their identification and utilization of opportunities, non-
implementation (§8.3.5). Sub-section (§8.4) covers compliances and the requirements for dealing with
the requirements for business continuity plans and them, as well as the management, monitoring, and
procedures, the requirements for the response evaluation of corrective actions taken as a result of
structure (§8.4.2), and the requirements for warning non-compliances (§10.1.1, 10.1.2, 10.1.3). In
and communication (§8.4.3), all of which are comparison, ISO 9001: 2015 refers to the
accomplished through documented business identification and exploitation of opportunities, but it
continuity plan procedures (§8.4.4) as well as the goes into greater detail regarding the improvement
criteria for reorganizing the organization following a actions, which include the enhancement of products
disorganizing event (§8.4.5). Finally, sub-section and services, the correction, prevention, and
(§8.5) discusses the requirements for implementing reduction of adverse effects, as well as the
and maintaining an effective exercise and testing enhancement of the performance and effectiveness of
program to validate the effectiveness of business the QMS (§10.1). Additionally, non-compliances and
continuity strategies and solutions, as well as the the requirements for dealing with them are discussed,
requirements for evaluating business continuity as is the method for managing, monitoring, and
documentation and capabilities (§8.6). assessing corrective measures performed in response
to non-compliances (§10.2.1, 10.2.2). Finally, both
2.6 Section 9: Evaluation of Performance standards require the existence of validated
ISO 22301: 2019 and ISO 9001: 2015 section (§9) information demonstrating the type of non-
both refer to the requirements for evaluating BCSM compliances and the outcomes of corrective efforts,
and QMS. More precisely, in sub-section (§9.1) of as well as the continual improvement of the business
ISO 22301: 2019, reference is made to the continuity (§10.2) or quality (§10.3) management
requirements for determining what needs to be system.
monitored and measured, for monitoring,
measurement, analysis, and evaluation methods, as 2.8 Conclusions from the Comparison
well as for when and by whom monitoring, Considering the comparisons made between the two
measurement, analysis, and evaluation are standards, some critical conclusions may be drawn. It
performed. The requirement to identify the staff or is evident that by applying the "New High-Level
team responsible for monitoring, measuring, and Structure" to the two ISO standards 22301: 2019 and
analysis is new, and does not appear in the ISO 9001: ISO 9001: 2015, the standards can be harmonized in
2015 standard. In comparison, ISO 9001: 2015 terms of their structure and the common requirements
maintains the same general requirements for they share for the bulk of their sections. A critical
monitoring, measurement, analysis, and evaluation point of convergence in the construction of
(§9.1.1), but adds requirements for monitoring the management standards is that they are all based
degree to which customer needs and expectations are around the Improvement Cycle, as illustrated in
met (§9.1.2), as well as for the analysis and Table 7 at the Appendix, with a similar fundamental
evaluation of relevant data and information on structure but with some common requirements and
product and service compliance, customer changes depending on the subject matter. The two
satisfaction, the performance and effectiveness of standards now share even more requirements than in
SBS, and the effectiveness of threats and previous versions, including the operational
opportunities (§9.1.3). Both standards establish a framework of the organization in relation to the
common framework and procedures for conducting BCMS or QMS, the leadership position and
internal audits (§9.2), management review (§9.3), commitment, the planning and scheduling of the
incoming information to be considered (§9.3.2), and BCMS or QMS, the treatment of threats and
management review outcomes (§9.3.3), which are opportunities, the resources required for successful
correctly customized to each management system. implementation of the BCMS or QMS, the evaluation
Finally, both standards make reference to the of the performance of the BCMS or QMS processes,
necessity to retain substantiated information as proof and finally the requirement to keep substantiated
of management review results (§9.3.3). information for all individual requirements, always
taking into account the different subject matter.
2.7 Section 10: Improvement In light of the various points, we can deduce the
ISO 22301: 2019 and ISO 9001: 2015 sections (§10) following:
both refer to the requirements for improving the  ISO 9001: 2015 includes a more
BCMS and QMS. More precisely, sub-section extensive sub-section (§4.3) on the
(§10.1) of ISO 22301: 2019 refers to the establishment, implementation,

E-ISSN: 2224-3496 620 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

maintenance, and continuous operation of the organization in section

improvement of QMS and makes (§8); however, due to the distinct subject
specific reference to QMS processes, matter of each management model, the
which is not included in ISO 22301: requirements for this section and its
2019. structure are completely different, with
 The sub-section (§5.1) of ISO 9001: no overlap between the two management
2015 is further analyzed in sub-sections standards.
(§5.1.1) with reference to the  ISO 22301: 2019 and ISO 9001: 2015
management's responsibility to play a sections (§9) both refer to the
leading role in demonstrating its requirements for evaluating BCMS and
commitment to the QMS and ensuring QMS. However, ISO 22301: 2019
all aspects of its successful includes a new requirement for
implementation, with reference to the identifying the staff or team responsible
process approach and the risk approach. for monitoring, measuring, and analysis,
Due to the fact that ISO 22301: 2019 which is not included in the ISO 9001:
deals with a different subject area, there 2015 standard. ISO 9001: 2015 adds
are no references to the process requirements for monitoring the degree
approach, risk approach, or customer to which customer needs and
focus. expectations are met, for analyzing and
 ISO 22301: 2019 sub-section (§6.1.1) evaluating appropriate data and
identifies the requirements for information about the conformity of
identifying and responding to threats and products and services, the degree of
exploiting opportunities (§6.1.2), noting customer satisfaction, the performance
in particular that the threats and and effectiveness of QMS, the
opportunities relate to the effectiveness effectiveness of threats and
of the BCMS, as the risk associated with opportunities, and the need for SBS
the disorganizing event is mentioned in improvement (§9.1.2–9.1.3).
section (§8) – a note that is absent from  Finally, ISO 22301: 2019 and ISO 9001:
ISO 9001: 2015. ISO 9001: 2015 sub- 2015 sections (§10) both allude to the
section (§6.1) details the standards for standards for BCMS and QMS
defining (§6.1.1) and managing threats improvement. ISO 9001: 2015, however,
and seizing opportunities (§6.1.2), goes deeper than ISO 22301: 2019 in
outlining in greater depth the risk terms of improvement actions, which
management solutions available, which include product and service
is not the case with ISO 22301: 2019. enhancement, correction, prevention,
 ISO 22301: 2019 sub-section (§7.1) and reduction of adverse consequences,
makes reference to the resources and enhancement of the QMS's
required for establishment, performance and effectiveness (§10.1).
implementation, maintenance, updating,
and continuous improvement, but
without going into detail, in contrast to
ISO 9001: 2015, which analyzes the 3 Case Study of Business Continuity in
requirements for internal and external
resources, personnel, infrastructure, the
a Pharmaceutical Company due to the
operating environment for processes, COVID-19 Pandemic
and resources for monitoring and After discussing the similarities, common points, and
measuring product and service variations between ISO 9001: 2015 and ISO 22301:
compliance resources for the traceability 2019, this section will discuss how a pharmaceutical
of measurements as well as and the company manages a disorganized occurrence, in this
necessary operational knowledge for the example the COVID-19 pandemic. Despite the lack
operation of its processes and the of ISO 22301 certification, the company maintained
achievement of the conformity of the its business continuity through the application of the
products and services (§§7.1.1-7.1.6). principles of the business continuity and
 Both ISO 22301: 2019 and ISO 9001: reclassification management standard and the know-
2015 refer to the requirements for the how gained through the successful implementation of

E-ISSN: 2224-3496 621 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

the ISO 9001: 2015 quality standard and the rules of

Good Manufacturing Practices (Abou-El-Enein et al., S.M. Senior Management
2013).

3.1 Section 4: The Organization’s P.E. Planning & Exports

Operational Framework
The company is engaged in pharmaceutical
I.T. Informatics
manufacturing and enjoys a significant market share
in the generic pharmaceutical sector. The company's
activities span the whole pharmaceutical value chain, Q.C. Quality Control
from product research to ultimate distribution in
more than 85 countries globally. It is equipped with
two manufacturing facilities dedicated to the P.P. Product Production
manufacture of Solid Pharmaceutical Forms (coated
and uncoated tablets, capsules) and Injectable
Pharmaceutical Forms. The Greek National Q.A. Quality Assurance
Medicines Agency (EOF) has certified the units for
the manufacture of sterile and non-sterile products,
their packaging, and chemical and microbiological H.R. Human Resources
quality control.
The company's quality management system has been
F.M. Financial Management
designed to provide customer / consumer satisfaction
through the provision of high-quality and competitive
products, as well as compliance with Good H.&S. Health & Safety
Manufacturing Practices (GMP) and EOF standards.
To accomplish this purpose, the company has
implemented an ISO 9001-based quality system that C.S. Customer Service
covers all of the company's activities, including
export management and product design.
Additionally, the organization follows an ISO 14001- I. Interdepartmental
compliant Environmental Management System.
As previously stated, the pharmaceutical
company is certified to the ISO 9001: 2015 quality
standard and the Good Manufacturing Practice 3.2 Applying the Risk Assessment
(GMP) guidelines. Internal general operating
procedures (Standard Operating Procedures, SOP) 3.2.1 Risk Assessment and Identification
for risk assessment are implemented in this context. At the beginning of the COVID-19 pandemic, the
The basic method is established in accordance with company set up an interdepartmental Crisis
the ISO 31000 management standard "Risk Management Team (CRM), which included a
Management - Principles and Guidelines" the ISO representative of the Senior Management, IT (IT),
9001 quality standard "Quality Management Systems Human Resources (HR), Financial Management
- Requirements" and the European Medicines Quality Assurance, Planning & Exports, Product
Agency's (EMA) ICH Q9 «Quality Risk Production and Health & Safety. This team was
Assessment» guideline. All the company’s responsible for assessing the risk and operational
departments are presented in Table 1. impact, including the worst-case scenario which was
the suspension, but also for all the measures that
Table 1: The Pharmaceutical Company’s would be taken during the pandemic period. At the
Departments outbreak of the pandemic, CRM applied the
brainstorming technique (Brainstorming) and based
on the professional competence and experience of the
participants proceeded to assess and determine the
Departments
risk and operational impact by category, as presented
below:
1. Disorganization event management
• Risk of suspension

E-ISSN: 2224-3496 622 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

• Inadequate handling of a disorganizing • Risk of patient safety

event 6. Supply chain management
• Inability to meet legal and regulatory • Risk of shortage of raw materials
requirements (Actives, excipients, packaging
2. Personnel management materials) as well as reagents, solvents,
• Risk of spreading the infection to etc., to support the production of
personnel working in production products
facilities • Risk of not being able to provide
• Risk of unavailability of labor due to sick products to customers
leave • Risk of insufficiency of transport
• Risk of increased contamination by companies
personnel returning from leave • Risk of delivery delays and impact on
• Risk of contamination from external products and services
collaborators operating in the production 7. Financial management
unit, laboratories and offices • Risks related to financial liquidity
• Risk of staff misconduct during a • Inability to fulfill financial obligations
pandemic • Inability to provide required resources
• Risk of insufficient staff information 8. Social Responsibility
during the pandemic • Inability to strengthen society
3. Remote operation and computer security
• Risk of not providing adequate 3.2.2 Risk Analysis
equipment (laptops, printers, monitors, During the risk analysis phase, the Risk Priority
etc.) to support remote work (work from Number (RPN) was calculated for each identified
home) due to lack of market threat based on Severity (S), Occurrence Probability
• Risk of failing to maintain cybersecurity (O) and Detection Probability – Detectability (D). In
and productivity when connecting addition, the impact categories were assessed
remotely according to the management standard ISO 22317:
• Risk of unsafe access to the network 2015 "Business Continuity Management Systems -
from remote work (e.g., data theft, Guidelines for Business Impact Analysis" and the
electronic phishing (phishing), malware categories as presented in Table 8 at the Appendix.
attacks) Table 2 demonstrates the categories and examples of
• Risk of non-availability of security at impacts at the level of products and services. Table 3
network and application level presents the threats that were identified as well as the
• Risk of unsafe mobile devices business sectors they have an impact on.
4. Facilities Additionally, the risk and operational impact
• Risk of contamination of the product assessment is analysed in Table 4.
production unit (Suspension of
operation) Table 2: Categories and Examples of Impacts at
• Risk of contamination of offices,
laboratories and ancillary premises ( Not the Level of Products and Services
product production areas) (Suspension
of operation)
• Risk of contamination of warehouses Category of
Impact Examples
(Suspension of operation) Impact
• Risk of infection from insufficient social
distance
• Risk of infection from visitors, auditors, Financial losses due to fines,
contractors and external partners Financial (F) penalties, lost profits or reduced
• Risk of dependence on service providers market share
(e.g., especially those involved in pest
control, facility cleaning, transport
companies, etc.) Negative impact on the
Reputational (R)
• Risk of the health and hygiene of staff company's reputation
5. Products and services
• Risk of product safety and quality

E-ISSN: 2224-3496 623 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

Liability and revocation of Remote work and computer security

Legal and
product production and
Regulatory (L&R)
distribution license Risk of not providing adequate
equipment (laptops, printers,
10 monitors, etc.) to support remote (Ε)
Violation of contracts or work (work from home) due to
Conventional (C) market shortage
obligations between companies
Risk of failing to maintain
Failure to achieve goals or seize 11 cybersecurity and productivity (F)/(Ε)
Entrepreneurial (Ε) when connecting remotely
opportunities
Risk of unsafe access to the
12 network from remote work (eg data (F)/(Ε)
theft, phishing, malware attacks)

Table 3: Identified Threats and Business Impact. Risk of unavailability of security at

13 (F)/(Ε)
network and application level

Business 14 Risk of unsafe mobile devices (Ε)

No. Description
Impact
Facilities
Disorganization event management
Risk of contamination of the
15 product production unit (F)/(Ε)
Risk of suspension (F)/(Ε)/ (Suspension of operation)
1
(C)/(R) Risk of contamination of offices,
16 laboratories and ancillary premises (F)/(Ε)
Inadequate handling of a (not product areas) (Suspension)
2 (Ε)
disorganizing event
Risk of contamination of
Failure to meet legal and regulatory 17 warehouses (Suspension of (F)/(Ε)
3 (L&R)
requirements operation)

Staff management Risk of infection from insufficient

18 (Ε)
social distance
Risk of spreading the infection to
4 staff working in production (Ε) Risk of infection from visitors,
facilities 19 auditors, contractors and external (Ε)
partners
Risk of unavailability of labor due
5 (Ε)
to sick leave Risk of dependence on service
providers (eg especially those
Risk of increased contamination by 20 (Ε)
6 (Ε) involved in pest control, facility
personnel returning from leave cleaning, transport companies, etc.)

Risk of contamination by external 21 Risk of health and hygiene of staff (Ε)

collaborators operating in the
7 (Ε)
production unit, laboratories and Products and services
offices
Risk of product safety and quality (F)/(Ε)/
Risk from misbehavior of 22
8 (Ε)
personnel during the pandemic (L&R)/(C)

Risk of insufficient staff 23 Risk of patient safety (F)/(Ε)/

9 (Ε)
information during the pandemic

E-ISSN: 2224-3496 624 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

(L&R)/(C) High High High Averag

2 25 I.
(5) (5) (1) e
Supply chain management
High High High Averag H.R./
3 25
Risk of shortage of raw materials (5) (5) (1) e Q.A.
(Actives, excipients, packaging
24 materials) as well as reagents, (F)/(Ε)/(C) Staff management
solvents, etc., to support the
production of products High High Low 12 H&S/H
4 High
(5) (5) (5) 5 .R.
Risk of not being able to provide
25 (F)/(Ε)/(C)
products to customers. High High Low 12 H&S/H
5 High
(5) (5) (5) 5 .R.
Risk of insufficiency of transport
26 (F)/(Ε)/(C)
companies High High Low 12 H&S/H
6 High
(5) (5) (5) 5 .R.
Risk of delivery delays and impact
27 (F)/(Ε)/(C)
on products and services Q.A.
High High Low 12
7 High /H&S/
(5) (5) (5) 5
Financial management H.R.

28 Risks related to financial liquidity. (F)/(Ε) Aver

High High H&S/H
8 age 75 High
(5) (5) .R.
Inability to fulfill financial (3)
29 (F)
obligations
Aver Aver Aver
Averag
Inability to provide required 9 age age age 27 H.R.
30 (F) e
resources (3) (3) (3)

Social responsibility Remote work and computer security

31 Failure to strengthen society (R) 1 High High Low 12

High I.T.
0 (5) (5) (5) 5

1 High High High Averag

25 I.T.
Table 4: Initial Risk Assessment and 1 (5) (5) (1) e

Operational Impact for Each Identified Threat. 1 High High High

25
Averag
I.T.
2 (5) (5) (1) e

1 High High High Averag

Initial 25 I.T.
3 (5) (5) (1) e
Initial Parameter Risk Rispon
Calculation RP Evalua sible
1 High High High Averag
N tion 25 I.T.
4 (5) (5) (1) e
N (§
o. Facilities
Sx
O
(§S) (§O) (§D) H.R./
x 1 High High Low 12
High H&S/
D) 5 (5) (5) (5) 5
P.P.

H.R./
1 High High Low 12
High H&S/
Disorganization event management 6 (5) (5) (5) 5
Q.A.
High High High Averag
1 25 I.
(5) (5) (1) e

E-ISSN: 2224-3496 625 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

H.R./ Aver Aver

1 High High Low 12 3 High Averag S.M./
High H&S/ age age 9
7 (5) (5) (5) 5 1 (1) e H.R.
Q.C. (3) (3)

1 High High Low 12 H.R./ 3.2.3 Risk control

High
8 (5) (5) (5) 5 H&S During the control and risk reduction phase for each
identified threat, decisions were made on strategies
1 High High Low 12 H.R./ and solutions, based on the evolution of the
High
9 (5) (5) (5) 5 H&S pandemic, in order to avoid and / or reduce the risk
to acceptable levels, according to the results of the
2 High High Low 12 H.R./ RPN calculation for individual threats. Appropriate
High
0 (5) (5) (5) 5 H&S
measures were taken to avoid and / or reduce the risk
to acceptable levels for the identified threats whose
2 High High High Averag H.R./
1 (5) (5) (1)
25
e H&S
initial assessment was "High" and "Moderate". For
the threats whose initial assessment was "Low" it was
Products and services not necessary to implement actions to avoid and / or
reduce the risk to acceptable levels, however all
P.P./ actions taken were in the context of improving
2 High Low High procedures. In addition, actions are classified as
5 Low Q.C./
2 (5) (1) (1) "Level A (A) actions" for actions performed
Q.A.
immediately at the onset of the pandemic and as
P.P./ "Level B (B) actions" for actions performed at a
2 High Low High
3 (5) (1) (1)
5 Low Q.C./Q. secondary time during the evolution of the pandemic,
A. as shown in Table 8 of Appendix.

Supply chain management 3.2.4 Risk Acceptance

During the risk acceptance phase for each identified
2 High High High Averag P.E./Q. threat based on the actions taken to avoid and / or
25
4 (5) (5) (1) e C. reduce the risk to acceptable levels, the RPN for the
individual threats was recalculated. The recalculation
2 High High High Averag P.E./
25 was performed to ensure that appropriate risk and
5 (5) (5) (1) e C.S.
operational impact management strategies and
2 High High High Averag
solutions were implemented and that the risk was
25 P.E. reduced to a company-acceptable level, as shown in
6 (5) (5) (1) e
Table 5. From Table 5 and the final risk assessment
2 High High High Averag P.E. / it is clear that based on the actions taken the overall
25 risk was mitigated from "High" to "Moderate", i.e., at
7 (5) (5) (1) e Q.A.
levels acceptable by the company.
Financial management
Table 5: Final risk assessment and acceptance
Aver Aver
2 High
age age 45 High F.M. for each identified threat and operational
8 (5)
(3) (3)
impact.
Aver
2 High High Averag
age 15 F.M.
9 (5) (1) e
(3)
Initial R
Parameter P Initia
Aver
3 High High Averag Calculation N l Risk
age 15 F.M. N Rispo
0 (5) (1) e (§ Risk Acce
(3) o
S Eval
nsibl
ptanc
. e
x uatio e
Social responsibility (§S (§
(§O O n
) D
) x
)

E-ISSN: 2224-3496 626 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

D
) Hi
Hig Lo
1 gh
h w 5 Low I.T. YES
Disorganization event management 1 (1
(5) (1)
)
Ave Hi
Hig Hi
rag gh Aver Hig Lo
1 h 15 I. YES 1 gh
e (1 age h w 5 I.T. YES
(5) 2 (1
Low
(3) ) (5) (1)
)
Ave Hi
Hig Hi
rag gh Aver Hig Lo
2 h 15 I. YES 1 gh
e (1 age h w 5 I.T. YES
(5) 3 (1
Low
(3) ) (5) (1)
)
Ave Hi
Hig Hi
rag gh Aver H.R./ Hig Lo
3 h 15 YES 1 gh
e (1 age Q.A. h w 5 I.T. YES
(5) 4 (1
Low
(3) ) (5) (1)
)
Staff management
Facilities
Hi
Hig Hig Ave Hi
gh Aver H&S/ Hig H.R./
4 h h 25 YES 1 rag gh
(1 age H.R. h 15
Aver
H&S/ YES
(5) (5) 5 e (1
) (5)
age
P.P.
(3) )
Hi
Hig Lo Ave Hi
gh H&S/ Lo H.R./
5 h w 5 Low YES 1 rag gh
(1 H.R. w 3 H&S/ YES
(5) (1) 6 e (1
Low
) (1) Q.A.
(3) )
Hi
Hig Lo Ave Hi
gh H&S/ Hig H.R./
6 h w 5 Low YES 1 rag gh
(1 H.R. h 15
Aver
H&S/ YES
(5) (1) 7 e (1
) (5)
age
Q.C.
(3) )
Hi
Hig Hig Q.A. Hi
gh Aver Hig Lo
7 h h 25 /H&S YES 1 gh H.R./
(1 age h w 5 YES
(5) (5) /H.R. 8 (1
Low
H&S
) (5) (1)
)
Hi
Hig Lo Ave Ave Hi
gh H&S/
8 h w 5 Low YES 1 rag rag gh H.R./
(1 H.R. 9
Aver
YES
(5) (1) 9 e e (1 H&S
) age
(3) (3) )
Ave Hi
Lo Ave Ave Hi
rag gh
9 w 3 Low H.R. YES 2 rag rag gh H.R./
e (1 9
Aver
YES
(1) 0 e e (1 H&S
(3) ) age
(3) (3) )
Remote work and computer security
Hi
Hig Lo
Ave Hi 2 gh H.R./
Lo h w 5 Low YES
1 rag gh 1 (1 H&S
w 3 I.T. YES (5) (1)
0 e (1
Low )
(1)
(3) )
Products and services

E-ISSN: 2224-3496 627 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

Hi 3.2.5 Communication and Risk Overview

Hig Lo P.P./
2 gh At each stage of the risk assessment, communication
h w 5 Low Q.C./ YES
2 (1 with important stakeholders (e.g., heads of
(5) (1) Q.A.
)
departments, company-wide communication,
regulators, customers, and consumers) was
Hi
Hig Lo P.P./ maintained to enable the proper and seamless
2 gh
h w 5 Low Q.C./ YES execution of appropriate strategies and solutions for
3 (1
(5) (1) Q.A. risk reduction. Finally, because the pandemic is a
)
dynamic phenomenon that continues to exist and
Supply chain management poses a threat to the global population, the
corporation closely watches it and employs every
Hi method and measure available to keep it under
Hig Lo
2 gh P.E./ control. As a result of the pandemic's nature, risk
h w 5 Low YES
4
(5) (1)
(1 Q.C. review is a continuing process that requires the
) company to periodically re-evaluate the risk
assessment and operational effect in light of global
Hi and national events and the company's commercial
Hig Lo
2 gh P.E./ objectives.
h w 5 Low YES
5 (1 C.S.
(5) (1)
)
3.3 Results Discussion
Hi The company, with its expertise and experience in
Hig Lo implementing the ISO 9001 quality assurance
2 gh Aver
h w 5 P.E. YES system, understood the needs of the ISO 22031
6 (1 age
(5) (1) management standard for business continuity and
)
tackled the disorganizing incident using management
Ave Ave Hi system fundamentals. The new High-Level Structure
2 rag rag gh
9
Aver P.E. /
YES
aided the company in identifying and meeting the two
7 e e (1 age Q.A. management standards' shared requirements for:
(3) (3) ) • the organization's operational structure,
an awareness of stakeholders'
Financial management expectations, and compliance with legal
and regulatory requirements. The
Ave Hi specific requirements already defined by
Lo
2 rag gh Aver
w 3 F.M. YES the application of ISO 9001 were
8 e (1 age
(1) examined in order to incorporate the
(3) )
needs for business continuity
Ave Hi management.
Lo • the management commitment, which,
2 rag gh
w 3 Low F.M. YES aware that one of the most critical
9 e (1
(1)
(3) ) elements of successful management
system implementation is the
Ave
Lo
Hi management's absolute commitment to
3 rag gh this direction, acted appropriately by
w 3 Low F.M. YES
0 e (1 communicating its policy to ensure
(1)
(3) ) business continuity and the necessary
resources to all involved.
Social responsibility • the systematic and expedited
implementation of the business
Ave Hi
Lo continuity strategy by identifying,
3 rag gh S.M./
1 e
w
(1
3 Low
H.R.
YES analyzing, assessing, and addressing
(1) identified dangers and opportunities.
(3) )
• the study of operational effect and the
design of strategies and solutions
necessary to avoid and/or mitigate risks,

E-ISSN: 2224-3496 628 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

but also the necessary changes and • Boosting the quality system
improvements to the existing quality • Enhancing business continuity practices.
management system to assure its quality. • Possibility of ISO 22301 certification.
product and the health of the patient. Taking into account the foregoing and the
• the performance appraisal, since the requirements of the business continuity management
organization incorporated points model, the company established an interdepartmental
regarding the performance of the Crisis Management Team (CRC) at the start of the
business continuity plan's COVID-19 pandemic manifestation. The CRC was
implementation as inputs into the responsible for assessing the risk and operational
already-existing management review impact, including the suspension scenario, but also
process. for all actions that would be taken during the
• the company's fundamental policy of pandemic period.
continuous improvement of its systems. As part of the firm's efforts to avoid and/or mitigate
recognized risks, all employees received training on
The company used a risk-based strategy to assess COVID-19 symptoms and prevention by e-mail and
potential hazards, opportunities, and operational SMS from the Human Resources (HR) department,
implications related with the COVID-19 pandemic. which was responsible for monitoring any health
The risk assessment is regarded as one of the most issues affecting company personnel. Additionally,
critical, if not the most critical, steps in developing a the company has established a telephone medicine
business continuity strategy (Păunescu & Argatu, consulting service for COVID-19 with the goal of
2020; Torabi et al., 2016). In identifying threats, giving accurate information and counseling from
opportunities, and impacts, the company applied a healthcare professionals, as well as managing high-
recognized risk management approach and risk risk populations effectively. Employees were urged
analysis tools to proceed with the identification, to practice social distance in their regular tasks
analysis, evaluation, control, and reduction to an through the placement of pertinent educational
acceptable level. As demonstrated in the case study posters. All necessary infection protection materials
analysis, the risk analysis approach has a broad scope (basic surgical masks, surface cleaners, disposable
and can be applied to any disorganized event due to gloves, etc.) and alcohol hand sanitizers have been
its universal and reliable application (Jamaludin et distributed throughout the company's facilities,
al., 2020; Nakat & Bou-Mitri, 2021). The risk ensuring that each employee has access. Weekly
strategy is now the beginning point for organizational disinfection of all facilities was planned and executed
culture change, both in terms of product and service in conjunction with daily cleaning and disinfection of
quality assurance and business continuity. all offices and public areas. Despite the preventive
The Improvement Cycle approach, which is a maintenance of all air conditioners, the personnel was
fundamental principle of both the ISO 9001: 2015 asked to avoid using air conditioners and instead
quality standard and the ISO 22301: 2019 business work with open windows (where applicable). The
continuity standard, was adopted by the company to corporation developed work-from-home policies for
implement the design, implementation, and control of a significant portion of its workforce in order to
the actions necessary to ensure the company's reduce the risk of contamination on the company's
operation, as well as to improve the product quality facilities. Another mitigation measure implemented
management system and business continuity. by the organization was a meticulously designed shift
Along with the risks identified, the company schedule for all employees working in offices and
evaluated the opportunities presented by the COVID- facilities. To comply with federal requirements about
19 pandemic, including the following: the spread of COVID-19, the company allowed all
• Using remote work as a more flexible workers to work either full-time from home or on a
and efficient work pattern. flexible schedule while keeping social distance.
• Using new technologies and improving Additionally, the corporation conducted additional
existing ones recruitments to ensure that sufficient staff were
• Improving the company's cybersecurity available in each production unit.
procedures Additionally, the company has implemented
• Improving employee care. Possibility of mandatory measures that must be followed on a daily
social contribution basis, including:
• Enhancing client relations • the use of a face mask in all premises,
• Boosting the company's reputation and
credibility

E-ISSN: 2224-3496 629 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

• thermal scanning at each entry point for Numerous practices are described in the supply chain
all employees / visitors entering the management literature (El Baz & Ruel, 2021;
company premises, Karmaker et al., 2021; Rajesh, 2021; Suresh et al.,
• 14 days off work following annual leave, 2020), and in these the company contacted all
and a free COVID-19 examination prior suppliers to check delivery of all outstanding orders
to returning. and to assure the safety of its fundamental raw
Visitors were denied access to all departments of the material inventory (Active substances, Excipients
corporation, and all business visits inside and outside and other raw materials). Additionally, the
of Greece were canceled. Visitors were permitted corporation sought, where possible, early supplies of
only in exceptional circumstances and upon raw materials and ensured the availability of
presentation of a signed "Visitor Identification alternative suppliers while considering any additional
Statement" attesting to their responsibility for expenses associated with transportation, tariffs, and
previous travels to countries with an increase in anticipated price hikes. Contact material and service
COVID-19 cases or if they had recently contracted providers to explore any ramifications for their work
COVID-19. Additionally, all internal and external and how they plan to maintain business continuity
meetings are conducted via video conference or during the COVID-19 pandemic.
video conferencing. Concerning customer and The financial management department, with the
authority controls, the company established an cooperation of top management, has implemented a
alternative method of remote / virtual control with the plan to ensure the company's financial liquidity. To
assistance and support of the IT department and the this end, the company reached an agreement with
use of appropriate communication platforms. The local banks for additional lending facilities, financing
aforementioned actions are consistent with the a short-term potential increase in the company's
practices described in the literature for managing working capital, as a practical demonstration of the
personnel and potentially product quality during a top management's commitment to securing the
pandemic (Jamaludin et al., 2020; Nakat & Bou- necessary resources and ensuring the company's
Mitri, 2021; Tuzovic & Kabadayi, 2021), and the business continuity and compliance with its
World Health Organization's (WHO) guidelines obligations during the pandemic.
(O’Neill, 2020). As part of its social responsibility activities, the
The IT department provided the essential equipment company has provided free antiseptics to strengthen
(computers, mobile phones, and VPN access) and health institutions, logistical infrastructure (masks,
VPN access to the company's remote personnel in gloves, etc.) to local governments, organized blood
order to assure each user's safe and productive remote donations in accordance with COVID-19
connection. The already-existing IT Support Office requirements, and supported charities via an online
(Helpdesk) provided further support to all remote fundraiser and a virtual marathon.
employees. The IT department has integrated modern Finally, the company managed based on its
meeting platforms (MS Teams, Go to Meeting) into experience and expertise in evaluating,
its business processes to facilitate collaboration implementing, maintaining, documenting, and
between internal and external stakeholders. maintaining a management system, as well as by
Additionally, the IT department hosted online applying the risk management methodology to
cybersecurity workshops to safeguard the respond quickly and efficiently to a disorganizing
organization from cyber threats, mitigate the severity event, while taking into account applicable legal and
of attacks, and ensure that business operations regulatory requirements and adapting while
continue to run smoothly. Additionally, policies for maintaining its commitment to continuous
remote work and internet use have been established, improvement of its products and services.
as have measures to defend the organization from 4 Conclusion
hostile attacks. The aforementioned actions are The paper demonstrated the methods used by a
consistent with similar practices mentioned in the pharmaceutical company to ensure business
literature regarding the actions that must be taken to continuity during the COVID-19 pandemic. The
ensure the company's information systems and theoretical foundation for the risk analysis was
cybersecurity (Malecki, 2020; Papadopoulos et al., established by comparing and contrasting the
2020; Papagiannidis et al., 2020), as well as the WHO requirements of ISO 9001: 2015 and ISO 22301:
guidelines (O’Neill, 2020). 2019. The similarities and variations in the
The supply chain is significantly impacted by the requirements of management standards ISO 9001:
pandemic, as it is difficult to prevent the virus from 2015 and ISO 22301: 2019 shown the management
spreading through the flow of commodities. standards' structural requirements are aligned and

E-ISSN: 2224-3496 630 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

their executive departments are distinct, owing to the International Journal of Production Economics,
subject matter they cover. Finally, a specific 233, 107972.
emphasis was placed on all aspects of the business https://doi.org/10.1016/j.ijpe.2020.107972
continuity management model that link directly or [5] Huremović, D. (2019). Brief History of
indirectly to the risk approach. The theoretical Pandemics (Pandemics Throughout History). In
background analysis was conducted to interpret the Psychiatry of Pandemics (pp. 7–35). Springer
approach and methodology used by a pharmaceutical International Publishing.
company during the COVID-19 pandemic to ensure https://doi.org/10.1007/978-3-030-15346-5_2
business continuity by adhering to quality [6] Ioannidis, J. P. A. (2021). Infection fatality rate
management and business continuity, risk of COVID-19 inferred from seroprevalence
management standards, as well as its know-how and data. Bulletin of the World Health Organization,
structured approach to problem solving. 99(1), 19-33F.
Additionally, the study's objective was to emphasize https://doi.org/10.2471/BLT.20.265892
the critical nature of harmonizing the requirements of [7] Jamaludin, S., Azmir, N. A., Mohamad Ayob,
various management standards in order to make it A. F., & Zainal, N. (2020). COVID-19 exit
easier for firms to develop and operate an integrated strategy: Transitioning towards a new normal.
management system. In this regard, a future study Annals of Medicine and Surgery, 59, 165–170.
might focus on further developing the method of https://doi.org/10.1016/j.amsu.2020.09.046
harmonizing the various management standards, as [8] Jebril, N. (2020). World Health Organization
well as on the risk and operational impact of other Declared a Pandemic Public Health Menace: A
disorganizing occurrences. Finally, given the Systematic Review of the Coronavirus Disease
pandemic's unique characteristics and the fact that 2019 “COVID-19.” SSRN Electronic Journal.
many of the measures taken to manage this health https://doi.org/10.2139/ssrn.3566298
crisis are heavily reliant on the human factor and [9] Karmaker, C. L., Ahmed, T., Ahmed, S., Ali, S.
individual accountability, it is concluded that the M., Moktadir, M. A., & Kabir, G. (2021).
pharmaceutical company studied successfully Improving supply chain sustainability in the
developed an effective action plan in order to context of COVID-19 pandemic in an emerging
mitigate identified risks to acceptable levels, economy: Exploring drivers using an integrated
maintain business continuity, and ensure the model. Sustainable Production and
product's quality. Consumption, 26, 411–427.
https://doi.org/10.1016/j.spc.2020.09.019
References: [10] Larsen, J. R., Martin, M. R., Martin, J. D., Kuhn,
[1] Abou-El-Enein, M., Römhild, A., Kaiser, D., P., & Hicks, J. B. (2020). Modeling the Onset of
Beier, C., Bauer, G., Volk, H.-D., & Reinke, P. Symptoms of COVID-19. Frontiers in Public
(2013). Good Manufacturing Practices (GMP) Health, 8.
manufacturing of advanced therapy medicinal https://doi.org/10.3389/fpubh.2020.00473
products: a novel tailored model for optimizing [11] Leite, H., Hodgkinson, I. R., & Gruber, T.
performance and estimating costs. Cytotherapy, (2020). New development: ‘Healing at a
15(3), 362–383. distance’—telemedicine and COVID-19. Public
https://doi.org/10.1016/j.jcyt.2012.09.006 Money & Management, 40(6), 483–485.
[2] Djalante, R., Shaw, R., & DeWit, A. (2020). https://doi.org/10.1080/09540962.2020.174885
Building resilience against biological hazards 5
and pandemics: COVID-19 and its implications [12] Malecki, F. (2020). Overcoming the security
for the Sendai Framework. Progress in Disaster risks of remote working. Computer Fraud &
Science, 6, 100080. Security, 2020(7), 10–12.
https://doi.org/10.1016/j.pdisas.2020.100080 https://doi.org/10.1016/S1361-3723(20)30074-
[3] Donthu, N., & Gustafsson, A. (2020). Effects of 9
COVID-19 on business and research. Journal of [13] Nakat, Z., & Bou-Mitri, C. (2021). COVID-19
Business Research, 117, 284–289. and the food industry: Readiness assessment.
https://doi.org/10.1016/j.jbusres.2020.06.008 Food Control, 121, 107661.
[4] El Baz, J., & Ruel, S. (2021). Can supply chain https://doi.org/10.1016/j.foodcont.2020.107661
risk management practices mitigate the [14] O’Neill, R. (2020). WHO Knew. How the
disruption impacts on supply chains’ resilience World Health Organization (WHO) Became a
and robustness? Evidence from an empirical Dangerous Interloper on Workplace Health and
survey in a COVID-19 outbreak era. Safety and COVID-19. NEW SOLUTIONS: A

E-ISSN: 2224-3496 631 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

Journal of Environmental and Occupational Appendix

Health Policy, 30(3), 237–248.
https://doi.org/10.1177/1048291120961337 Table 6: Comparison of the Structure of ISO
[15] Papadopoulos, T., Baltas, K. N., & Balta, M. E.
(2020). The use of digital technologies by small 22301: 2019 & ISO 9001: 2015
and medium enterprises during COVID-19:
Implications for theory and practice.
International Journal of Information ISO 22301:2019 ISO 9001:2015
Management, 55, 102192.
https://doi.org/10.1016/j.ijinfomgt.2020.10219
2 1 Objectives 1 Objectives
[16] Papagiannidis, S., Harris, J., & Morton, D.
(2020). WHO led the digital transformation of
your company? A reflection of IT related 2
Standard
2
Standard
challenges during the pandemic. International References References
Journal of Information Management, 55,
102166.
https://doi.org/10.1016/j.ijinfomgt.2020.10216 Terms and Terms and
6 3 Definitions of 3 Definitions of
[17] Păunescu, C., & Argatu, R. (2020). CRITICAL Concepts Concepts
FUNCTIONS IN ENSURING EFFECTIVE
BUSINESS CONTINUITY MANAGEMENT.
EVIDENCE FROM ROMANIAN Operating Operating
COMPANIES. Journal of Business Economics 4 Framework of 4 Framework of
and Management, 21(2), 497–520. the Organization the Organization
https://doi.org/10.3846/jbem.2020.12205
[18] Rajesh, R. (2021). Flexible business strategies to
Understanding of Understanding of
enhance resilience in manufacturing supply
the Organization the Organization
chains: An empirical study. Journal of 4.1 4.1
Manufacturing Systems, 60, 903–919. and its operating and its operating
https://doi.org/10.1016/j.jmsy.2020.10.010 framework framework
[19] Sahebjamnia, N., Torabi, S. A., & Mansouri, S.
A. (2015). Integrated business continuity and
Understanding the Understanding the
disaster recovery planning: Towards
needs and needs and
organizational resilience. European Journal of 4.2 4.2
Operational Research, 242(1), 261–273. expectations of expectations of
https://doi.org/10.1016/j.ejor.2014.09.055 stakeholders stakeholders
[20] Suresh, N., Sanders, G. L., & Braunscheidel, M.
J. (2020). Business Continuity Management for
4.2.1 General ~ ~
Supply Chains Facing Catastrophic Events.
IEEE Engineering Management Review, 48(3),
129–138. Legal and
https://doi.org/10.1109/EMR.2020.3005506 4.2.2 regulatory ~ ~
[21] Torabi, S. A., Giahi, R., & Sahebjamnia, N. requirements
(2016). An enhanced risk assessment framework
for business continuity management systems.
Safety Science, 89, 201–218. Defining the
https://doi.org/10.1016/j.ssci.2016.06.015 Defining the
scope of the
[22] Tuzovic, S., & Kabadayi, S. (2021). The scope of the
business
influence of social distancing on employee well- 4.3 4.3 quality
continuity
being: a conceptual framework and research management
management
agenda. Journal of Service Management, 32(2), system
system
145–160. https://doi.org/10.1108/JOSM-05-
2020-0140

E-ISSN: 2224-3496 632 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

ISO 22301:2019 ISO 9001:2015 ISO 22301:2019 ISO 9001:2015

4.3.1 General ~ ~ Planning and Planning and

6 6
programming programming

Scope of the
business Threats and Threats and
6.1 6.1
4.3.2 continuity ~ ~ opportunities opportunities
management
system
Identify threats
6.1.1 ~ ~
and opportunities
Business Quality
continuity management
4.4 4.4 Dealing with
management system and its
system processes 6.1.2 threats and seizing ~ ~
opportunities

5 Leadership 5 Leadership
Business
continuity goals Quality goals and
Leadership and 6.2 and planning and 6.2 design to achieve
5.1
commitment planning to them
achieve them
Leadership and
5.1
commitment 5.1.1 General
Establish business
6.2.1 ~ ~
continuity goals
5.1.2 Customer focus

Defining business
5.2 Policy 5.2 Policy 6.2.2 ~ ~
continuity goals

Establishment of Establishing Planning and Change planning

5.2.1 business 5.2.1 quality policy scheduling
continuity policy changes in the
6.3 business 6.3
continuity
Disclosure of Communication
management
5.2.2 business 5.2.2 of quality policy
system
continuity policy

7 Support 7 Support
Roles,
responsibilities
Roles,
and 7.1 Resources 7.1 Resources
5.3 responsibilities 5.3
responsibilities
and jurisdictions
within the
Organization ~ ~ 7.1.1 General

~ ~ 7.1.2 Staff

E-ISSN: 2224-3496 633 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

ISO 22301:2019 ISO 9001:2015 ISO 22301:2019 ISO 9001:2015

~ ~ 7.1.3 Infrastructure Business Impact Requirements for

8.2 Analysis and Risk 8.2 products and
Assessment services
Environment for
~ ~ 7.1.4 the operation of
processes General Communication
8.2.1 8.2.1 with the
customers
Monitoring and
~ ~ 7.1.5 measurement
resources Business Impact Determining the
Analysis requirements for
8.2.2 8.2.2
products and
Business services
~ ~ 7.1.6
knowledge

Risk assessment Review of

Professional Professional product and
7.2 7.2 8.2.3 8.2.3
competence competence service
requirements
7.3 Awareness 7.3 Awareness
Changes in
product and
7.4 Contact 7.4 Contact ~ ~ 8.2.4
service
requirements
Documented Documented
7.5 7.5
information information
Business Design and
continuity development of
8.3 8.3
7.5.1 Generally 7.5.1 General strategies and products and
solutions services

7.5.2 Create and update 7.5.2 Create and update

8.3.1 General 8.3.1 General

Verification of Verification of
7.5.3 documented 7.5.3 documented Identification of Elaboration of a
information information 8.3.2 strategies and 8.3.2 plan for design
solutions and development

8 Operation 8 Operation
Selection of Inbound design
8.3.3 strategies and 8.3.3 and development
Design and Design, operation solutions
8.1 operation control 8.1 and control of
processes
Resource Design and
8.3.4 requirements 8.3.4 development
control

E-ISSN: 2224-3496 634 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

ISO 22301:2019 ISO 9001:2015 ISO 22301:2019 ISO 9001:2015

Implementation of Design and Property owned

8.3.5 solutions 8.3.5 development ~ ~ 8.5.3 by customers or
results external providers

Changes in design ~ ~ 8.5.4 Preservation

~ ~ 8.3.6
and development

Activities after
~ ~ 8.5.5
Business Control of delivery
continuity plans processes,
8.4 and procedures 8.4 products and
services provided ~ ~ 8.5.6 Change control
by external parties
Assessment of Release of
8.4.1 General 8.4.1 General documentation products and
8.6 and capabilities of 8.6 services
business
Response Type and scope of continuity
8.4.2 8.4.2
structure control

Control of non-
~ ~ 8.7
Warning and Information compliant results
8.4.3 communication 8.4.3 disclosed to
external providers
Performance Performance
9 9
evaluation evaluation
Business
8.4.4 ~ ~
continuity plans
Monitoring, Monitoring,
measurement, measurement,
9.1 9.1
Recovery or analysis and analysis and
8.4.5 ~ ~
reorganization evaluation evaluation

Pilot exercise Production of ~ ~ 9.1.1 General

program products and
8.5 8.5
provision of
services Customer
~ ~ 9.1.2
satisfaction

Control of
production of Analysis and
~ ~ 9.1.3
~ ~ 8.5.1 products and evaluation
provision of
services
Internal Internal
9.2 9.2
inspection inspection
Identification and
~ ~ 8.5.2
traceability
9.2.1 General ~ ~

E-ISSN: 2224-3496 635 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

ISO 22301:2019 ISO 9001:2015 Section 2 - Section 2 -

Standard Standard
Reference Reference
Schedule (s) of
9.2.2 ~ ~
inspection
Section 3 - Section 3 -
Terms and Terms and
Management Management Definitions of Definitions of
9.3 9.3
review review Concepts Concepts

Section 4 -
9.3.1 General 9.3.1 General Section 4 -
Operating
Operating
Framework of
Framework of
Inbox review by Inbox review by the Organization
9.3.2 9.3.2 the Organization
Management Management Plan
Section 5 -
Section 5 -
Leadership
Leadership
Management Management
9.3.3 results from the 9.3.3 results from the Section 6 – Plan
Section 6 - Plan
Management Management & Programming

10 Improvement 10 Improvement Section 7 - Section 7 -

Support Support
Execute
Non-compliance General Section 8 - Section 8 -
10.1 and corrective 10.1 Operation Operation
actions
Section 9 - Section 9 -
Continuous Non-compliance Control Performance Performance
10.2 improvement 10.2 and corrective Evaluation Evaluation
actions
Section 10 - Section 10 -
Improve
Improvement Improvement
Continuous
~ ~ 10.3
improvement

Table 7: Sections of ISO 9001: 2015 and ISO 22301: Table 8: Actions to avoid and / or reduce the
2019 and their Correspondence to the Improvement
Cycle
risk for each identified threat and to classify
them as "Level A- (A)" or "Level B- (B)"

Improvement
Παράγραφος Παράγραφος actions.
Cycle
ISO 9001:2015 ISO 22301:2019
No. Actions to avoid and / or reduce the risk
Section 1 - Section 1 -
Subject matter Subject matter
Disorganization event management

E-ISSN: 2224-3496 636 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

No. Actions to avoid and / or reduce the risk No. Actions to avoid and / or reduce the risk

 Recommendation Crisis Management and  Remote work based on staff rolling schedule-
Replacement Team- (A) (A)
 Human Resources Management- (A)  Special care for vulnerable groups (e.g.,
 Health and personal hygiene - (A) teleworking, special purpose licenses without
 Supplier Management- (B) loss of income, free laboratory tests) - (Α)
 Inventory Management- (Α)  Determination of the maximum allowed
 Customer Support- (B) number of employees per workplace, in
 Remote work- (Α) accordance with the existing provisions of the
 Irt Virtual audit support - (Β) state- (Β)
 Activation of internal procedures- (A)  Provided logistics (E.g., masks, gloves, robes,
 Cleaning and disinfection of facilities- (A) 70% ethanol etc.) - (Α)
 Infection control- (A)  Coverage of travel expenses of employees to
1 and from work for the purpose of individual
 Human Resources Department
movement of staff- (Β)
Announcements (A)
 Guest Identification Statement- (B)
 Frequent updates through the employees
corner (Website employees corner) - (Β)  Human Resources Department
Announcements (A)
 Weekly management communication with
employees- (Β)  Frequent updates through the employees’
corner (Website employees’ corner) - (Β)
 Posting of personal hygiene and health care
instructions in conspicuous places inside the  Weekly management communication with
premises- (Α) employees- (Β)
 Check body temperature before entering the  Training of staff in matters of personal
facility- (Β) hygiene- (A)
 Free laboratory tests for COVID-19 in staff at  Posting of personal hygiene and health care
a predetermined frequency- (B) instructions in conspicuous places inside the
premises- (Α)
 Recommendation Crisis Management and
Replacement Team - (A)  Check body temperature before entering the
facility- (Β)
 Review of the effectiveness of the
management of the disorganizing event  Free laboratory tests for COVID-19 in staff at
during the process of the Review by the a predetermined frequency- (B)
Management. - (Β)  Promotion of new recruitments- (Β)
2 5  Remote work based on staff rolling schedule-
 Implementation of internal procedures for
dealing with a disorganizing event and (A)
maintaining business continuity- (A)  Training of staff in matters of personal
 Implementation of internal procedures in hygiene- (A)
order to ensure the quality of the product and  Posting of personal hygiene and health care
the health of the patient- (A) instructions in conspicuous places inside the
 Ongoing information on current legal and premises- (Α)
regulatory requirements - (A)  Encouraging social distancing - (A)
3  Determination of the maximum allowed
 Appointment of staff to monitor legal and 6
regulatory requirements- (A) number of employees per workplace, in
accordance with the existing provisions of the
Staff management state- (Β)
 Providing free medical advice by phone- (A)  Provided logistics (Eg masks, gloves, robes,
 Encouragement to reduce unnecessary travel- 70% ethanol etc) - (Α)
4
(A)  Free laboratory tests for COVID-19 in staff at
 Encouraging social distancing - (A) a predetermined frequency- (B)

E-ISSN: 2224-3496 637 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

No. Actions to avoid and / or reduce the risk No. Actions to avoid and / or reduce the risk

 Check body temperature before entering the  Remote access via VPN-
facility- (Β)  Implementing a remote work policy - (B)
 Guest Identification Statement- (B)  Implement internet usage policy- (B)
 Encouraging social distancing - (A)  Integration of meeting platforms- (A)
 Provided logistics (E.g., masks, gloves, robes,  Daily or weekly department meetings- (Β)
70% ethanol etc.) - (Α)  IT infrastructure- (DA)
7
 Prerequisite negative laboratory test COVID-  Online cyber security training for staff- (B)
19- (A)  Continuous IT support- (A)
 Check body temperature before entering the 12
 Remote access via VPN-
facility- (Β)  Implementing a remote work policy - (B)
 Training of staff in matters of personal  Implement internet usage policy- (B)
hygiene- (A)  Maintenance of IT infrastructure- (A)
 Posting of personal hygiene and health care  Online cyber security training for staff- (B)
instructions in conspicuous places inside the  Continuous IT support- (A)
13
premises- (Α)
 Implementing Remote Labor Policy (B)
 Encouraging social distancing - (A)
 Implement internet usage policy- (B)
 Determination of the maximum allowed
 IT infrastructure- (A)
number of employees per workplace, in
8  Online cyber security training for staff- (B)
accordance with the existing provisions of the
 Continuous IT support- (A)
state- (Β) 14
 Remote access via VPN-
 Provided logistics (E.g., masks, gloves, robes,
 Implementing a remote work policy - (B)
70% ethanol etc.) - (Α)
 Implement internet usage policy- (B)
 Free laboratory tests for COVID-19 in staff at
a predetermined frequency- (B)
Facilities
 Check body temperature before entering the
facility- (Β)  Application of internal cleaning and
 Posting of announcements of human disinfection procedures of the premises- (A)
resources department in common areas- (Α)  Retraining of staff in the procedures of
 Sending newsletters via email and SMS- (Α) cleaning and disinfection of premises - (A)
 Information of the staff by the supervisors-  Training of staff in matters of personal
9 (Α) hygiene- (A)
 Frequent updates through the employees  Retraining of staff in clothing processes to
corner (Website employees corner) - (Β) production rooms- (A)
 Weekly management communication with  Posting of personal hygiene and health care
employees- (Β) instructions in conspicuous places inside the
premises- (Α)
Remote work and computer security  Encouraging social distancing - (A)
15
 Determination of the maximum allowed
 Settlement with IT equipment suppliers- (A)
number of employees per workplace, in
 Needs assessment in IT and technology
accordance with the existing provisions of the
products- (A)
state- (Β)
10  Placement of required orders- (Α)
 Provided logistics (Eg masks, gloves, robes,
 Additional funding for IT procurement - (A)
70% ethanol etc) - (Α)
 Acceleration of relevant implementation
 Coverage of travel expenses of employees to
processes (Fast track) - (Α)
and from work for the purpose of individual
 IT Infrastructure- (A) movement of staff- (Β)
11  Online cyber security training for staff- (B)  Guest Identification Statement- (B)
 Continuous IT support- (A)

E-ISSN: 2224-3496 638 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

No. Actions to avoid and / or reduce the risk No. Actions to avoid and / or reduce the risk

 Frequent cleaning and disinfection of  Check body temperature before entering the
facilities according to the internal cleaning facility- (Β)
and disinfection procedures- (Α)  Free laboratory tests for COVID-19 in staff at
 Check body temperature before entering the a predetermined frequency- (B)
facility- (Β)
 Free laboratory tests for COVID-19 in staff at  Training of staff in personal hygiene issues-
a predetermined frequency- (B) (A)
 Remote work based on staff rolling schedule-  Posting of personal hygiene and health care
(A) instructions in conspicuous places inside the
 Training of staff in matters of personal premises- (Α)
hygiene- (A)  Determination of the maximum allowed
 Posting of personal hygiene and health care number of employees per workplace, in
18
instructions in conspicuous places inside the accordance with the existing provisions of the
premises- (Α) state- (Β)
 Encouraging social distancing - (A)  Provided logistics (Eg masks, gloves, robes,
 Determination of the maximum allowed 70% ethanol etc) - (Α)
number of employees per workplace, in  Coverage of travel expenses of employees to
accordance with the existing provisions of the and from work for the purpose of individual
state- (Β) movement of staff- (Β)
16  Suspension of the visit by external partners
 Provided logistics (Eg masks, gloves, robes,
70% ethanol etc) - (Α) for unnecessary reasons- (A)
 Coverage of travel expenses of employees to  Guest Identification Statement- (B)
and from work for the purpose of individual  Determination of the maximum allowed
movement of staff- (Β) number of employees per workplace, in
 Frequent cleaning and disinfection of accordance with the existing provisions of the
facilities by external services, in addition to state- (Β)
the production areas  Provided logistics (Eg masks, gloves, robes,
 Check body temperature before entering the 70% ethanol etc) - (Α)
facility- (Β) 19  Integration of meeting platforms- (A)
 Free laboratory tests for COVID-19 in staff at  Remote / virtual control procedure (remote
a predetermined frequency- (B) audit) - (Α)
 Training of staff in matters of personal  Prerequisite is the negative laboratory test
hygiene- (A) COVID-19- (A)
 Posting of personal hygiene and health care  Check body temperature before entering the
instructions in conspicuous places inside the facility- (Β)
premises- (Α)  Visitors are allowed only in special cases and
 Encouraging social distancing - (A) only after providing the signed "Visitor
 Determination of the maximum allowed Identification Statement" - (Β)
number of employees per workplace, in  Training of external collaborators in matters
17 accordance with the existing provisions of the of personal hygiene- (B)
state  Posting of personal hygiene and health care
 Provided logistics (Eg masks, gloves, robes, instructions in conspicuous places inside the
70% ethanol etc) - (Α) premises- (Α)
 Coverage of travel expenses of employees to 20  Encouraging social distancing - (DA)
and from work for the purpose of individual  Provided logistics (Eg masks, gloves, robes,
movement of staff- (Β) 70% ethanol etc) - (Α)
 Frequent cleaning and disinfection of  Visitors are allowed only in special cases and
facilities by external services- (A) only after providing the signed "Visitor
Identification Statement" - (Β)

E-ISSN: 2224-3496 639 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

No. Actions to avoid and / or reduce the risk No. Actions to avoid and / or reduce the risk

 Frequent cleaning and disinfection of  Provided logistics (Eg masks, gloves, robes,
facilities by external services, in addition to 70% ethanol etc) - (Α)
the production areas  No air recirculation in the production areas-
 Check body temperature before entering the (A)
facility- (Β)  Frequent cleaning and disinfection of
 Remote work- (Α) facilities by external services, outside the
 Modified shifts- (Α) production areas- (A)
 Staff encouragement (A)  Quality control of products during their
 Training of staff in matters of personal production and in the final product- (A)
hygiene- (A)  Implementation of internal divergence
 Posting of personal hygiene and health care reporting procedures - (A)
instructions in conspicuous places inside the  Implementation of internal product recall
premises- (Α) procedures, if necessary- (B)
 Encouraging social distancing - (A)
 Provided logistics (Eg masks, gloves, robes, Supply chain management
70% ethanol etc) - (Α)
 Precautionary supply chain management with
 Coverage of travel expenses of employees to
inventory management of raw materials,
and from work for the purpose of individual
excipients, packaging materials and
21 movement of staff- (Β)
consumables- (Β)
 Visitors are allowed only in special cases and
 Timely communication with suppliers- (A)
only after providing the signed "Visitor
 Availability of stocks to support demand- (A)
Identification Statement" - (Β) 24
 Proper stock management- (A)
 Remote / virtual control procedure (remote
audit) - (Α)  Hierarchy of orders- (Α)
 Frequent cleaning and disinfection of  Advance Deliveries - (A)
facilities by external services- (A)  Alternative suppliers- (Β)
 No air recirculation in all areas of the  Review of management procedures and
installation- (Α) requirements by suppliers- (B)
 Check body temperature before entering the  Organization of orders in consultation with
facility- (Β) customers- (Α)
 Free laboratory tests for COVID-19 in staff at  Informing the customers about the operations
a predetermined frequency- (B) to ensure business continuity- (A)
 Preventive supply chain management with
Products and services inventory management of raw materials,
 Personnel Management- (Α) excipients, packaging materials and
 Production of products according to GMP- consumables- (Β)
25  Timely communication with suppliers- (A)
(A)
 Implementation and strengthening of the  Availability of stocks to support demand- (A)
22 quality assurance system- (A)  Proper stock management- (A)
 Application of internal cleaning and  Hierarchy of orders- (Α)
disinfection procedures of production areas-  Advance Deliveries - (A)
(A)  Alternative suppliers- (Β)
 Retraining of staff in the procedures of  Review of management procedures and
cleaning and disinfection of premises - (A) requirements by suppliers- (B)
 Training of staff in the clothing processes to  Timely communication with transport
23 the production rooms- (A) 26 companies to ensure the continuity of their
 Retraining of staff in clothing processes to operations, eg strengthening their fleet- (A)
production rooms- (A)

E-ISSN: 2224-3496 640 Volume 18, 2022

 G. Chatzistelios, E. P. Kechagias,
WSEAS TRANSACTIONS on ENVIRONMENT and DEVELOPMENT S. P. Gayialis, G. A. Papadopoulos,
DOI: 10.37394/232015.2022.18.60 N. E. Spyridonakos

No. Actions to avoid and / or reduce the risk No. Actions to avoid and / or reduce the risk

 Maintaining priority for the company's  Supporting charities through online

missions- (A) fundraising and virtual marathon- (B)
 Update of contracts with transport
companies- (Β)
Contribution of individual authors to
 Alternative transport companies- (Β)
 Use of proprietary means for the transport of
the creation of a scientific article
products, where possible- (Β) (ghostwriting policy)
 Timely communication with transport
companies to ensure the continuity of their Georgios Chatzistelios carried out:
operations, eg strengthening their fleet- (A) Conceptualization, Methodology Development &
Project Administration.
 Maintaining priority for the company's
Evripidis P. Kechagias carried out:
missions- (A)
Writing – Original Draft, Editing and Formal
 Update of contracts with transport Analysis.
companies- (Β) Sotiris P. Gayialis carried out:
 Alternative transport companies- (Β) Review & Model Formulation.
 Use of proprietary means for the transport of Georgios A. Papadopoulos carried out:
27
products, where possible- (Β) Validation & Supervision.
 Immediate communication with customers in Nikos Spyridonakos carried out:
case of delays- (A) Writing – Original Draft & Validation.
 Transport of products by means of which they
maintain specific environmental conditions- Creative Commons Attribution
(A)
License 4.0 (Attribution 4.0
 Review of product stability studies- (A)
 Monitoring of transport conditions International , CC BY 4.0)
(temperature, humidity) using a logger- (A)
This article is published under the terms of the
Financial management Creative Commons Attribution License 4.0
https://creativecommons.org/licenses/by/4.0/deed.en
 Actions to strengthen the financial position of _US
28 the company by securing additional financial
facilities- (A)
 Commitment of the top management to
ensure the continued fulfillment of its
29
financial obligations to staff and other
stakeholders- (PS)
 Commitment of the top management to
30 ensure the necessary infrastructure in both
logistics and personnel- (A)

Social responsibility

 Free production of antiseptics to enhance state

needs- (A)
 Provision of logistical infrastructure (masks,
31 gloves, etc.) to local authorities- (Β)
 Organization of blood donations in
compliance with the measures for COVID-
19- (Β)

E-ISSN: 2224-3496 641 Volume 18, 2022

View publication stats