Enterprise Risk Management and Resiliency Planning Components
Evaluation of Current Conditions
Our proposed scope of services will assess and address the following aspects of the current risk assessments and emergency preparedness plans and procedures for your organization addressing:
composition of the response teams and procedures
- Existing risk assessments
- Existing documentation and designations of authority
- Communication and notification protocols
- Existing assembly mechanisms for the Emergency Response Team and decision flow for emergency response
- Interrelationships with other necessary elements such as security and business recovery
- Existing protocols for emergency contingency plans (i.e., bomb threat, hurricane, earthquake, biological attack and chemical incident, etc.) - assessment and preparedness
We will review all documentation and related materials provide by your organization. We will also conduct interviews with Executive leadership, key staff, and any other representatives that have significant input related to the review. Our teams may tour all relevant facilities to better understand the nature of the facilities. Critical recommendations will be provided for enhancing current protocols and methods to ensure your organization can respond to an incident. These critical elements and our recommendations pertaining to our review will be leveraged to standardize your organizational resiliency.
Crisis Management Planning
The scope of this plan will provide your company with the organizational framework and processes to effectively plan for, mitigate, respond to and recover from any event that may threaten your organization’s human capital, financial solvency, brand or reputation and facilities or operational capability. These events may include natural disasters, business interruptions, criminal activity, malfeasance perpetrated by individuals, or violent political activity. The crisis management plan should accurately reflect the crisis management policies of your organization and serve as the centerpiece of a complete crisis management program. In today’s complex corporate environment, “ownership” of the crisis management program must be identified and defined. Our process considers an “all hazards” approach to ensure that your crisis management process and procedures are scalable, repeatable, and consistent to address your identified risks.
Business Continuity Planning
Kroll will develop comprehensive business continuity plans and disaster recovery plans for your organization. To accomplish these tasks, a business risk assessment, and business impact analysis of the business groups and properties will be accomplished. This will include all elements of business risk analysis identified by your organization as threats, the mitigation of business risks to assets such as financial, operational, customer, brand and reputation, legal and regulatory. This process includes the following phases:
Phase 1 – Business risk analysis
Phase 2 – Business impact analysis (BIA)
Phase 3 – Response, recovery strategy development
Phase 4 – Recovery plan development
Phase 5 –Training, validation, and testing
Disaster Recovery Planning
Information Technology Disaster Recovery Planning describes the strategy and procedures for recovering technology infrastructure, data center processing of critical applications should a disaster substantially disrupt operations. The plan is organized into two parts: the main body provides a general description of the disaster recovery strategy and program; the second part provide detailed information for conducting the recovery based on the following factors:
- What systems and applications are critical to sustain the business?
- What hardware and software are required to sustain critical services?
- Are back-up strategies capable?
- What resources are needed to recover technology?
- Have our plans been trained and validated?
Plans describe the preparation and actions required to effectively respond to a disaster, assign responsibilities, and describe the procedures for testing and maintaining the plan. Plans are updated to reflect current hardware, software, procedures, critical applications, and staffing.
Emergency Preparedness Plans
Emergency preparedness planning introduces methods for identifying and assessing hazards and vulnerabilities that require an emergency response plan. The process develops a standard methodology for organizing, drafting and implementing emergency plans and related procedures. Successful completion of this effort provides for the awareness and training of employees at each site to be prepared for the following tangible business benefits:
This phase will address the in-depth development and documentation of both the emergency preparedness plan and the related emergency action plans. The emergency action plans outline how site or facility response teams will respond and document actions related to specific incidents.
These comprehensive plans will address decision-making authorities, identify incident managers and designated backup, provide protocols for dealing with incidents, and provide guidance on notification/communication mechanisms and coordination with security and business recovery elements. We will produce these documents in close coordination with organizational representatives and vendors.