Minimum Vital Company

The smallest version of your company, the vital one, that must keep running. Not a plan. An operating model.

Book a DemoSee the Platform

THE PROBLEM

Companies don't fail from lack of plans. They fail from inability to execute.

Traditional Approach

Plans reviewed annually. Documentation signed off, stored securely, independently from core IT. Governance in order.

  • Plans that assume systems will be available
  • Data locked inside the systems that are down
  • Approvals that require access that no longer works
  • People who know the process are not in the room

Minimum Vital Company

Run only what matters. Independent from primary systems. Ready before you need it.

  • Processes designed to run without IT
  • Critical data synced, governed, always fresh
  • Roles and responsibilities pre-assigned
  • Tested through simulation, not imagination

THE INSIGHT

You don't need everything. Just what is Vital.

YOUR FULL COMPANY

Dozens of systems, hundreds of processes

ERPCRMHR SystemsAnalyticsReportingMarketing toolsInternal wikisProject mgmtDev environmentsNon-critical APIs

MINIMUM VITAL COMPANY

Only what must keep running

✓ Payroll execution✓ Supplier payments✓ Inventory & Logistics✓ Customer commitments✓ Regulatory obligations✓ Core production

Minimum Vital Company

Three layers. One executable core.

Not 100% of operations. Just the irreducible core, defined in advance, built to run independently. That is the Minimum Vital Company.

1

Vital Activities

Important business services defined at ExCom level as non-negotiable. Not categories. Commitments: “Ensure Critical Payments.” “Ensure People & Site Safety.” Whatever happens, these run.

Service DeliveryCustomer RelationsPeople & Sites SafetyCritical PaymentsCommunication & Compliance
2

Critical Processes

Step-by-step procedures that deliver each vital activity, pre-designed and executable without primary IT systems. Every process activated is one less vulnerability when a crisis hits.

3

Key Data

The specific datasets each process requires to execute. Sourced from your existing systems, stored independently, always kept fresh.

Together, these three layers form the operational core that must remain alive no matter what happens. That core is your AlwaysReady® foundation.

Supported by

Data SyncAutomationPost-Quantum SecurityGuided Execution

COMPARISON

Traditional approach vs. Minimum Vital Company

Traditional Approach

  • Static PDF-based continuity plans
  • Assumes IT systems will be available
  • Tested annually at best, rarely under real conditions
  • Owned by risk teams, disconnected from operations
  • No audit trail during actual crisis
  • Recovery takes weeks with no execution bridge

Minimum Vital Company

  • Executable processes, ready to run instantly
  • Operates independently from primary systems
  • Continuously tested through simulations
  • Owned by business units, governed by CISO
  • Full audit trail on every action during crisis
  • Vital activities continue from day one of disruption

COMMON MISCONCEPTIONS

What the MVC is not.

Not another document

Not another document

Most organizations already have continuity plans. The problem is not the plan. When a crisis hits, the plan sits in a folder, the systems are down, and no one knows what to do next. The MVC does not add another document to that folder. It replaces the question “what should we do?” with the ability to actually do it.

Not an IT tool

Not an IT tool

The MVC is owned by the business: COO, CFO, Head of Operations. Not because IT is excluded, but because the MVC must function precisely when IT cannot. An execution layer that depends on the systems it is designed to replace is not a backup. It is a risk.

Not a BCP replacement

Not a BCP replacement

Your BCP identifies which processes matter. The MVC makes them executable. If you have a BCP, you already know what belongs in your MVC. What you likely do not have yet is the ability to execute it.

WHERE TO START

Start with Treasury. Then scale.

When operations are disrupted, the first question is never strategic. It is operational: can we pay suppliers? Can we process payroll? Treasury is the natural entry point because its processes are cross-functional by design, connecting banks, ERPs, legal entities, and business lines in a single execution chain.

THE THREE PEOPLE YOU NEED

Head of Treasury

Owns the process. Defines what must run, in what order, with what data.

CISO

Owns the infrastructure context. Validates the independent execution architecture.

COO

Sponsors at ExCom level. Defines Vital Activities. Ensures the MVC covers what matters.

TWO PATHS. SAME DESTINATION.

The pragmatic path

One critical process. One Process Owner. One set of SMEs. Operational in weeks. The scope is defined, the stakeholders are identifiable, the output is immediately testable.

The governed path

Anchor in your regulatory framework: DORA Article 11, NIS2 Chapter IV, or your internal BCP governance. Vital Activities defined at ExCom. Critical processes mapped by business lines.

Organizations that start pragmatically almost always move to the governed model once the first process is live. The first deployment demonstrates the pattern. The framework makes it repeatable.

BUILT IN ASTRAN

Your MVC is not a concept. It's built and executed inside Astran.

From scoping to go-live in a matter of weeks. The timeline depends on the number of processes, business units involved, data sources, and transformation rules required. The platform handles process design, data sync, access governance, guided execution, and audit trail.

1

Scope & Map

2

Design & Configure

3

Test & Validate

4

Simulate & Go Live

Start Your First Process