When the Light Goes Out: The Iberian Blackout of April 28 and the Commitment to Information Security

On Monday, 28 April, Portugal and Spain suffered a widespread blackout for around 9 hours, disrupting services, communications and, of course, the pace of work in many organizations. Our company was also affected. This unexpected event brought to light one of the most critical dimensions of information security: availability.
Our Information Security Management System (ISMS), certified according to ISO 27001, is based on the following principles:
➡️ Confidentiality – protecting data from unauthorised access
➡️ Integrity – ensuring that data is not improperly altered
➡️ Availability – ensuring that data and systems are accessible whenever necessary
By storing our data in redundant data centres located in different Central European countries, we were able to keep the confidentiality and integrity of the information intact. However, local availability was compromised.
Safety First
Our immediate priority was to ensure the physical safety of all the team members, their families and those close to them. Once we had confirmed that there were no immediate security risks, we turned our attention to impact analysis and mitigation measures.
Learning and Continuous Improvement
We held a company meeting to share experiences and gather practical ideas on how to strengthen our operational resilience in similar situations in the future. Below are some of the measures under evaluation and implementation:
1️⃣ Energy and Equipment Management
- Review the runtime of UPS (uninterruptible power supplies) by type of equipment
- Define the equipment to be connected to the UPS:
  - Main monitor only
  - Priority PCs and routers
- Power off peripherals and second monitor during blackout
- Create low-consumption profiles: turn off non-essential lights and appliances
2️⃣ Continuity of Communication
- Allow PCs to access the internet by tethering with personal mobile phones via the mobile network (hotspot)
- Test and document this process in all departments
3️⃣ External Communication
- Create a rapid notification plan for customers, suppliers and partners
- Standard message template for e-mail and WhatsApp
- Emergency communication channel (e.g. private Telegram channel or broadcast list)
4️⃣ Simulations and Procedures
- Schedule regular power outage simulations
- Create a manual with minimum blackout procedures:
  - Immediate steps to follow
  - People responsible for each stage
  - Criteria for activating the contingency plan
Other ideas to consider
- Corporate power banks capable of charging laptops and mobile modems
- Routers with built-in batteries that can operate for a few hours without mains power
- Portable mini solar kits (for extended power outages)
- Define priority levels by department: who should remain active for as long as possible
- Create an internal database of alternative contacts (mobile emergency numbers)
Conclusion
The blackout was a valuable reminder that even with a robust infrastructure, we are subject to external factors. The most important thing is to be proactive in our preparation, response and continuous improvement. We remain committed to excellence in information security – not just because of regulatory requirements, but out of respect for the trust our customers and partners place in us.