Security Risk Management

Business Continuity

Our team of experts can highlight any weaknesses in your existing business continuity and disaster recovery plans, recommending updates based on industry best practices.

Anything that affects your facilities, operations, or people can put your business continuity at risk, from natural disasters like hurricanes that stall shipments of critical components, to infrastructure failures like overtaxed power grids, to civil unrest or labor strikes.

Kroll’s expertise and knowledge to assess the effectiveness of your existing business continuity and disaster recovery plans allow us to highlight any weaknesses and recommend updates based on industry best practices. Our comprehensive process typically includes three phases:


Phase 1 – Business Risk Analysis & Business Impact Analysis (BIA)

To develop comprehensive business continuity and disaster recovery plan for your organization, Kroll will come to understand your business and critical activities through a business risk analysis of the business groups and properties. This will include all elements collaboratively identified as: threats, assets and mitigation; business risks to assets such as: financial, customer, brand and reputation, operational, legal and regulatory. Our approach is in line with the following international standards:

  • IOS 22301:2012 – Societal security, BCM systems requirements (United Kingdom)
  • ISO 22313:2012 – Societal security, BCM systems guidance (United Kingdom)
  • ISO/IEC 27031:2011 – Information security (United Kingdom)
  • ANSI/ASIS SPC.1-2009 – Organizational resilience (North America)
  • FFIEC:2008 – Business Continuity planning booklet – Mandatory requirement that applies to US banks and their service providers (North America)
  • AS/NZ HB 167 – Security risk management (Australia)
  • Basel II: 2006 – Revised international capital framework, applies to international banks


Phase 2 – Response Strategy & Recovery Plan Development

Based on your priorities and our analysis, Kroll will develop a supporting framework for the plan, as well as identify the resources for maintaining full or limited continuity of operations in the event of an incident.

Construction of the plan will be a collaborative effort within all levels of the organization to ensure alignment regarding various threatening scenarios.


Phase 3 – Training and Testing

To ensure the effectiveness of the plan in the event of a disaster, our team can provide training exercises that help organizations respond with confidence. Testing recovery sites and emergency evacuation processes also ensures that they are safe, consistent, scalable, and repeatable.

/en/services/security-risk-management/resilience-consulting/business-continuity /-/media/kroll/images/banners/services/jpg/desktop/security-risk-management.ashx service

Related Services

Security Risk Management

Resilience Consulting

Services include assessments, plan designs, drills and emergency security services.

Resilience Consulting