Business Continuity

Our team of experts can highlight any weaknesses in your existing business continuity and disaster recovery plans and recommend updates based on industry best practices.

Anything that affects your facilities, operations or people can put your business continuity at risk, from natural disasters like hurricanes that stall shipments of critical components and infrastructure failures like overtaxed power grids, to civil unrest or labor strikes.

Kroll’s experts will assess the effectiveness of your existing business continuity and disaster recovery plans and highlight any weaknesses and recommend updates based on industry best practices. Our comprehensive process typically includes three phases:

Phase 1 – Business Risk Analysis and Business Impact Analysis (BIA)

To develop comprehensive business continuity and disaster recovery plan for your organization, Kroll will learn and understand your business and critical activities through a business risk analysis of the business groups and properties. This will include all elements collaboratively identified as: threats, assets and mitigation; and business risks to assets such as: financial, customer, brand and reputation, operational, legal and regulatory. Our approach is in line with the following international standards:

  • IOS 22301:2012 – societal security, business continuity management (BCM) systems requirements (United Kingdom)
  • ISO 22313:2012 – societal security, BCM systems guidance (United Kingdom)
  • ISO/IEC 27031:2011 – information security (United Kingdom)
  • ANSI/ASIS SPC.1-2009 – organizational resilience (North America)
  • FFIEC:2008 – business continuity planning booklet; mandatory requirement for U.S. banks and their service providers (North America)
  • AS/NZ HB 167 – security risk management (Australia)
  • Basel II: 2006 – revised international capital framework, applies to international banks


Phase 2 – Response Strategy and Recovery Plan Development

Based on your priorities and our analysis, Kroll will develop a supporting framework for the plan, as well as identify the resources for maintaining full or limited continuity of operations in the event of an incident.

Construction of the plan will be a collaborative effort within all levels of the organization to ensure alignment regarding various threatening scenarios.

Phase 3 – Training and Testing

To ensure the effectiveness of the plan in the event of a disaster, our team can provide training to help organizations respond with confidence. Testing recovery sites and emergency evacuation processes also ensures that they are safe, consistent, scalable, and repeatable.

/en-ca/services/security-risk-management/resilience-consulting/business-continuity /-/media/feature/services/security-risk-management/resilience-consulting-desktop-banner.jpg service

Resilience Consulting

Contact Us


Security Risk Management

Three Ways to Boost Business Resilience and Maintain Critical Infrastructure

Security Risk Management
Compliance Risk

Country-specific COVID-19 Business Impact Snapshot – Now Available

Compliance Risk
Risk Management

COVID-19 Immediate to Long-Term Business Continuity Planning

Risk Management

Now Available – Same-Day Endpoint Protection Deployment for Remote Workers