Our Security Risk Management team’s experience in delivering a full scope of risk management and resiliency solutions, including crisis management, business continuity, disaster recovery, security, and emergency preparedness, demonstrates the value and depth we provide to companies.
We leverage our experience in the elements of Risk Management and Resiliency utilizing industry standards and proven best practices—while addressing legal and regulatory requirements—to perform our analysis and make recommendations supporting your organizational requirements.
Risk Management and Business Resiliency
The terms disaster recovery, business resumption and business continuity are often used interchangeably. However, these terms are not synonymous, and as defined below, each term supports different objectives and implies a different scope.
- Risk Assessment
An overall process of risk identification, analysis and evaluation of the threats and vulnerabilities.
- Crisis Management
The overall coordination of an organization’s response to a crisis in an effective and timely manner, with the goal of avoiding, containing, or minimizing damage to the organization’s profitability, reputation, and ability to operate.
- Business Impact Analysis
A process designed to identify critical business functions and their internal and external dependencies and to prioritize and establish recovery time objectives.
- Business Continuity Planning
It integrates disaster recovery and business continuity planning and identifies the mission-critical business processes that must survive through a significant disruption or disaster for your company to remain solvent. It addresses survivability issues.
- IT Disaster Recovery
A foundational element of an enterprise business continuity plan is addressing the recovery of technology. This includes the recovery of IT infrastructure, systems, applications, and third-party vendor-supplied technologies and telecommunications.
- Emergency Preparedness
The capability that enables an organization or community to respond to an emergency in a coordinated, timely and effective manner to prevent the loss of life and minimize employee or customer injury and property damage.
Enterprise Risk Management and Resiliency Planning Components
Evaluation of Current Conditions
Our proposed scope of services will assess and address the following aspects of the current risk assessments and emergency preparedness plans and procedures for your organization:
- Composition of the response teams and procedures
- Existing risk assessments
- Existing documentation and designations of authority
- Communication and notification protocols
- Existing assembly mechanisms for the Emergency Response Team and decision flow for emergency response
- Interrelationships with other necessary elements such as security and business recovery
- Existing protocols for emergency contingency plans (e.g., bomb threat, hurricane, earthquake, biological attack and chemical incident) - assessment and preparedness
We will review all documentation and related materials provided by your organization. We will also conduct interviews with Executive leadership, key staff, and any other representatives that have significant input related to the review. Our teams may tour all relevant facilities to better understand the nature of the facilities. Critical recommendations will be provided for enhancing current protocols and methods to ensure your organization can respond to an incident. These critical elements and our recommendations pertaining to our review will be leveraged to standardize your organizational resiliency.
Crisis Management Planning
The scope of this plan will provide your company with the organizational framework and processes to effectively plan for, mitigate, respond to and recover from any event that may threaten your organization’s human capital, financial solvency, brand or reputation and facilities or operational capability. These events may include natural disasters, business interruptions, criminal activity, malfeasance perpetrated by individuals, or violent political activity. The crisis management plan should accurately reflect the crisis management policies of your organization and serve as the centerpiece of a complete crisis management program. In today’s complex corporate environment, “ownership” of the crisis management program must be identified and defined. Our process considers an “all hazards” approach to ensure that your crisis management process and procedures are scalable, repeatable, and consistent to address your identified risks.
Business Continuity Planning
Kroll will develop comprehensive business continuity plans and disaster recovery plans for your organization. To accomplish these tasks, a business risk assessment and business impact analysis of the business groups and properties will be performed. This will include all elements of business risk analysis identified by your organization as threats, and the mitigation of business risks to assets such as financial, operational, customer, brand and reputation, legal and regulatory. This process includes the following phases:
Phase 1 – Business risk analysis
Phase 2 – Business impact analysis (BIA)
Phase 3 – Response, recovery strategy development
Phase 4 – Recovery plan development
Phase 5 – Training, validation, and testing
Disaster Recovery Planning
Information Technology Disaster Recovery Planning describes the strategy and procedures for recovering technology infrastructure and data center processing of critical applications should a disaster substantially disrupt operations. The plan is organized into two parts: the main body provides a general description of the disaster recovery strategy and program; the second part provides detailed information for conducting the recovery based on the following factors:
- What systems and applications are critical to sustain the business?
- What hardware and software are required to sustain critical services?
- Are back-up strategies capable?
- What resources are needed to recover technology?
- Have our plans been trained and validated?
Plans describe the preparation and actions required to effectively respond to a disaster, assign responsibilities, and describe the procedures for testing and maintaining the plan. Plans are updated to reflect current hardware, software, procedures, critical applications, and staffing.
Emergency Preparedness Plans
Emergency preparedness planning introduces methods for identifying and assessing hazards and vulnerabilities that require an emergency response plan. The process develops a standard methodology for organizing, drafting and implementing emergency plans and related procedures. Successful completion of this effort provides for the awareness and training of employees at each site to be prepared for the following tangible business benefits:
This phase will address the in-depth development and documentation of both the emergency preparedness plan and the related emergency action plans. The emergency action plans outline how site or facility response teams will respond and document actions related to specific incidents.
These comprehensive plans will address decision-making authorities, identify incident managers and designated backup, provide protocols for dealing with incidents, and provide guidance on notification/communication mechanisms and coordination with security and business recovery elements. We will produce these documents in close coordination with organizational representatives and vendors.