Risk Management Company
UK based specialist risk management company with a team of more than fifty consultants carrying out risk assessments to manage safety and environmental risks, plus a software team and head office staff supporting consulting activities and providing a specialist risk management software tool.
The client recognised there was a significant dependence on technology which is an integral part of their provision of consultancy and software services to clients. There were additional factors as the client is based at a single site and has experienced some challenges, such as power/connectivity disruptions to day-to-day services.
As risk managers themselves, their clients expect them to manage resilience related risks, including business continuity, IT disaster recovery and cyber security. The client was reasonably confident with their arrangements, although it was felt an independent validation would give a greater level of assurance that nothing had been missed and plans should be produced to ensure recovery strategies and contingencies work in practice.
Ultimately the client wanted to protect its reputation built up over twenty years and engaged Teed to assist in developing and implementing their business continuity plan.
Teed’s consultant took the client through the business continuity management (BCM) lifecycle, initially carrying out a business impact analysis to understand the critical activities, resource requirements and workarounds/contingencies. The consultant also analysed the technical response and recovery capability to ascertain any gaps in the strategy.
A business continuity recommendations report was presented to the client stating the current position and what was required to build greater resilience. The client took on board the recommendations and made improvements. The report also provided validation to the client that they were already quite well prepared in resilience terms, due to their own risk management and technology expertise.
The project concluded with Teed running an exercise where all directors representing business areas came together and were given evolving scenarios designed to challenge the business continuity plan and associated strategies. The scenarios included a cyber security event impacting on technology, a threat which, for business continuity planning, has to be assumed could occur however well managed the risks. The response and recovery strategies proved that consulting and software services to clients would continue at acceptable levels.
The exercise raised awareness of the importance of business continuity, keeping plans up to date and provided the directors with the assurance that they were well placed to manage a disruptive incident.
Now with plans and response teams in place, there is a good understanding of what to do to maintain operations as well as being sufficiently flexible to manage a combination of disruptive events.
The Directors are wholly confident in the business continuity, IT disaster recovery and cyber security procedures which is a positive message for stakeholders and could give them a competitive advantage henceforth.