Our team of experts can highlight any weaknesses in your existing business continuity and disaster recovery plans, recommending updates based on industry best practices.
Anything that affects your facilities, operations, or people can put your business continuity at risk, from natural disasters like hurricanes that stall shipments of critical components, to infrastructure failures like overtaxed power grids, to civil unrest or labor strikes.
Kroll’s expertise and knowledge to assess the effectiveness of your existing business continuity and disaster recovery plans allow us to highlight any weaknesses and recommend updates based on industry best practices. Our comprehensive process typically includes three phases:
Phase 1 — Business Risk Analysis & Business Impact Analysis (BIA)
To develop comprehensive business continuity and disaster recovery plan for your organization, Kroll will come to understand your business and critical activities through a business risk analysis of the business groups and properties. This will include all elements collaboratively identified as: threats, assets and mitigation; business risks to assets such as: financial, customer, brand and reputation, operational, legal and regulatory. Our approach is in line with the following international standards:
- IOS 22301:2012 – Societal security, BCM systems requirements (United Kingdom)
- ISO 22313:2012 – Societal security, BCM systems guidance (United Kingdom)
- ISO/IEC 27031:2011 – Information security (United Kingdom)
- ANSI/ASIS SPC.1-2009 – Organizational resilience (North America)
- FFIEC:2008 – Business Continuity planning booklet – Mandatory requirement that applies to US banks and their service providers (North America)
- AS/NZ HB 167 – Security risk management (Australia)
- Basel II: 2006 – Revised international capital framework, applies to international banks
Phase 2 — Response Strategy & Recovery Plan Development
Based on your priorities and our analysis, Kroll will develop a supporting framework for the plan, as well as identify the resources for maintaining full or limited continuity of operations in the event of an incident.
Construction of the plan will be a collaborative effort within all levels of the organization to ensure alignment regarding various threatening scenarios.
Phase 3 — Training and Testing
To ensure the effectiveness of the plan in the event of a disaster, our team can provide training exercises that help organizations respond with confidence. Testing recovery sites and emergency evacuation processes also ensures that they are safe, consistent, scalable, and repeatable.