Business Resilience
Regulators in many jurisdictions now believe that it is not a case of if, but when, a company will be hacked, and the focus on resilience to withstand such an event is therefore increasing.
Considerations
- Do you have Cyber/IT Security, Business Continuity/Disaster Recovery and Third Party/Cloud Service programmes managed and implemented by separate parts of the organisation?
- Are key assets (People, IT, Processes, Facilities) enabling critical business services mapped?
- Are IT controls appropriate to mitigate those threats that can cause your organisation most harm?
- Do you complete multiple assessments to comply with regulatory, industry standard and client requirements?
- Do you understand the end-to-end risk associated with IT assets and external providers supporting critical business services?
In summary
We can assess the following areas
- High-level review of whether Cyber/IT Security, BC/DR and Third Party/Cloud programmes are aligned to ensure resilience of critical business services
- An enterprise's ability to absorb an event and continue to deliver critical business services or return to a new normal
- Strategic programmes to determine resilience through design
- Effectiveness of risk reduction in key remediation programmes and implementation of evergreen processes
Advise on programme enhancement
- Risk and resilience frameworks including target operating models
- "Test once, use many" processes to reduce touchpoints on IT teams from multiple assessments and client reviews
- Effective management information
- Continuous improvement opportunities