Business Continuity

Our Security Risk Management team’s experience in delivering a full scope of risk management and resiliency solutions, including crisis management, business continuity, disaster recovery, security, and emergency preparedness, demonstrates the value and depth we provide to companies.

Contact us
/en/services/security-risk-management/resilience-consulting/business-continuity /-/media/feature/services/security-risk-management/business-continuity-desktop-banner.jpg service

We leverage our experience in the elements of Risk Management and Resiliency utilizing industry standards and proven best practices—while addressing legal and regulatory requirements—to perform our analysis and make recommendations supporting your organizational requirements.

Risk Management and Business Resiliency 

Often the terms of disaster recovery, business resumption and business continuity are used interchangeably. However, these terms are not synonymous, and as defined below, each term supports different objectives and implies a different scope.

  • Risk Assessment
    An overall process of risk identification, analysis and evaluation of the threats and vulnerabilities.
  • Crisis Management
    The overall coordination of an organization’s response to a crisis effectively and in a timely manner, with the goal of avoiding, containing, or minimizing damage to the organization’s profitability, reputation, and ability to operate.
  • Business Impact Analysis
    A process designed to identify critical business functions and their internal and external dependencies and to prioritize and establish recovery time objectives.
  • Business Continuity Planning
    It integrates disaster recovery and business continuity planning and identifies the mission-critical business processes that must survive through a significant disruption or disaster for your company to remain solvent. It addresses survivability issues.
  • IT-disaster Recovery
    A foundational element of an enterprise business continuity plan is addressing the recovery of technology. This includes the recovery of IT infrastructure, systems, applications, and third-party vendor-supplied technologies and telecommunications.
  • Emergency Preparedness
    The capability that enables an organization or community to respond to an emergency in a coordinated, timely and effective manner to prevent the loss of life and minimize employee or customer injury and property damage.

Risk Management and Business Resiliency

Enterprise Risk Management and Resiliency Planning Components

Evaluation of Current Conditions 

Our proposed scope of services will assess and address the following aspects of the current risk assessments and emergency preparedness plans and procedures for your organization addressing:
composition of the response teams and procedures

  • Existing risk assessments
  • Existing documentation and designations of authority
  • Communication and notification protocols
  • Existing assembly mechanisms for the Emergency Response Team and decision flow for emergency response
  • Interrelationships with other necessary elements such as security and business recovery
  • Existing protocols for emergency contingency plans (i.e., bomb threat, hurricane, earthquake, biological attack and chemical incident, etc.) - assessment and preparedness

We will review all documentation and related materials provide by your organization.  We will also conduct interviews with Executive leadership, key staff, and any other representatives that have significant input related to the review. Our teams may tour all relevant facilities to better understand the nature of the facilities. Critical recommendations will be provided for enhancing current protocols and methods to ensure your organization can respond to an incident.  These critical elements and our recommendations pertaining to our review will be leveraged to standardize your organizational resiliency.

Crisis Management Planning

The scope of this plan will provide your company with the organizational framework and processes to effectively plan for, mitigate, respond to and recover from any event that may threaten your organization’s human capital, financial solvency, brand or reputation and facilities or operational capability. These events may include natural disasters, business interruptions, criminal activity, malfeasance perpetrated by individuals, or violent political activity. The crisis management plan should accurately reflect the crisis management policies of your organization and serve as the centerpiece of a complete crisis management program. In today’s complex corporate environment, “ownership” of the crisis management program must be identified and defined. Our process considers an “all hazards” approach to ensure that your crisis management process and procedures are scalable, repeatable, and consistent to address your identified risks.

Business Continuity Planning

Kroll will develop comprehensive business continuity plans and disaster recovery plans for your organization. To accomplish these tasks, a business risk assessment, and business impact analysis of the business groups and properties will be accomplished. This will include all elements of business risk analysis identified by your organization as threats, the mitigation of business risks to assets such as financial, operational, customer, brand and reputation, legal and regulatory. This process includes the following phases:

Phase 1 – Business risk analysis

Phase 2 – Business impact analysis (BIA)

Phase 3 – Response, recovery strategy development

Phase 4 – Recovery plan development

Phase 5 –Training, validation, and testing 

Disaster Recovery Planning

Information Technology Disaster Recovery Planning describes the strategy and procedures for recovering technology infrastructure, data center processing of critical applications should a disaster substantially disrupt operations. The plan is organized into two parts: the main body provides a general description of the disaster recovery strategy and program; the second part provide detailed information for conducting the recovery based on the following factors:

  • What systems and applications are critical to sustain the business?
  • What hardware and software are required to sustain critical services?
  • Are back-up strategies capable?
  • What resources are needed to recover technology?
  • Have our plans been trained and validated? 

Plans describe the preparation and actions required to effectively respond to a disaster, assign responsibilities, and describe the procedures for testing and maintaining the plan.  Plans are updated to reflect current hardware, software, procedures, critical applications, and staffing. 

Emergency Preparedness Plans

Emergency preparedness planning introduces methods for identifying and assessing hazards and vulnerabilities that require an emergency response plan. The process develops a standard methodology for organizing, drafting and implementing emergency plans and related procedures. Successful completion of this effort provides for the awareness and training of employees at each site to be prepared for the following tangible business benefits:

This phase will address the in-depth development and documentation of both the emergency preparedness plan and the related emergency action plans. The emergency action plans outline how site or facility response teams will respond and document actions related to specific incidents. 

These comprehensive plans will address decision-making authorities, identify incident managers and designated backup, provide protocols for dealing with incidents, and provide guidance on notification/communication mechanisms and coordination with security and business recovery elements. We will produce these documents in close coordination with organizational representatives and vendors.

Connect with us

Connect with us

John Friedlander is a Senior Director
John Friedlander
Associate Managing Director
Security Risk Management
Timothy V Horner
Timothy V. Horner
Senior Managing Director and Global Head of Security Risk Management
Security Risk Management
New York
Matthew J Dumpert
Matthew J. Dumpert
Managing Director, North America Practice Leader
Security Risk Management
New York
Bob Thompson
Bob Thompson
Associate Managing Director, EMEA and APAC
Security Risk Management

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Middle Market M&A, Strategic Advisory, Debt Advisory and Private Capital Markets, Restructuring and Insolvency Services, Financial Due Diligence, Fairness Opinions, Solvency Opinions and ESOP/ERISA Advisory.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

Security Risk Management

2023 Europe and Africa Security Trends: Business Resiliency Takes Center Stage

Mar 08, 2023 - 2-Minute Talk on Europe and Africa security trends and why organizations are taking active steps towards ensuring business resiliency amidst economic and geopolitical uncertainty.


Security Risk Management

2023 North America Security Trends: Staying Ahead of Modern-Day Risks

Feb 22, 2023 - A 2-Minute Security Talk highlighting 2023 risk, safety and security trends in North America and why organizations should be prepared for an increase in workplace violence and theft issues.


Security Risk Management

Navigating Security Risks Amidst Economic Uncertainty

Two-minute talk on the effects of growing economic uncertainty and how organizations are impacted by heightened security risks.


Security Risk Management

Bob Thompson – How to Prepare for Critical Infrastructure Security Threats

Dec 06, 2022 - As part of our 2-Minute Security Talks series, Bob Thompson, Associate Managing Director in Kroll’s Security Risk Management practice for EMEA and APAC, addresses the threats to critical national infrastructure that are emerging from global geopolitical instability.


Episode 17

Business Resiliency in Times of Conflict

Mar 30, 2022

by Nick DoyleMatthew J. Dumpert

Risk Management

COVID-19 Immediate to Long-Term Business Continuity Planning

Apr 01, 2020

by Timothy V. HornerNick Doyle


Security Concepts

Jun 30, 2022

Video Library

Security Risk Management –
Hear Ongoing Global Security Insights From Our Security Risk Management Experts