Cyber Resilience as a Strategic Priority at Zelestra

In an increasingly digital and interconnected operating landscape, cybersecurity has become a critical enabler of business resilience and operational continuity. At Zelestra, the security of our data, systems, and digital infrastructure is essential to protecting our operations, maintaining service reliability, and safeguarding the trust of our stakeholders. 

Against this backdrop, Zelestra’s approach to cyber resilience is built around different key elements that guide how we manage cybersecurity risks and strengthen our operational resilience across the organisation.  

Governance and Risk Management 

Zelestra has robust risk management systems which facilitate strategic decision-making. This process focuses on the identification, assessment, escalation, and mitigation of risks, aligned with the company’s risk appetite, ensuring operational continuity.  

Cybersecurity threats can affect the integrity, availability, and confidentiality of the systems that support our activities, with potential financial, operational, legal, and reputational impacts. For this reason, cybersecurity is formally integrated into Zelestra’s corporate risk management framework and addressed through a structured, proactive approach focused on governance, risk management, regulatory compliance, and continuous improvement. 

Ensuring Business Continuity and Operational Resilience 

Zelestra has established a Disaster Recovery Plan as a core element of its cybersecurity and business continuity framework. The plan is designed to ensure the timely recovery of critical systems and information in the event of a cyber incident or other disruptive event, minimizing operational impacts and supporting the continuity of essential business processes. Disaster recovery arrangements are regularly reviewed and aligned with the company’s evolving risk profile and operational needs. 

Alignment with International Information Security Standards 

Zelestra is focused on aligning its strategy with certifications such as ISO 27001, NIS2, NERC, etc. The priorities lie in establishing, implementing, maintaining, and continually improving an information security management system (ISMS), emphasizing governance, risk management, incident management, supply chain management, involving the highest levels of the organization, and facilitating stakeholder engagement. 

Compliance and Monitoring 

Zelestra ensures regulatory alignment, compliance and adherence to industry best practices across all jurisdictions where it operates. This includes mechanisms for prevention, monitoring, and reporting, which are key components of ISO 27001 compliance requirements. 

Stakeholder Engagement and Transparency 

Zelestra maintains open channels for communication with stakeholders and promotes transparency through its Sustainability Report and public policies. This engagement aligns with ISO 27001’s focus on ensuring stakeholder awareness and addressing concerns related to information security. 

To reinforce this approach, Zelestra conducts periodic external audits to independently assess the effectiveness of its cybersecurity controls and management systems, ensuring ongoing compliance, resilience and continuous improvement.