weakness-assessment – assessment of dependencies – threat-assessments – danger-assessments – risk-analyses – drafting emergency-handbooks
Emergencies use to appear unexpectedly. When, however, an emergency occurs, immediate, considered and targeted acting is required. To start implementing an organizational framework after an emergency having occurred, is likely to cost precious time. A preventive risk-and emergency-management including all measures required for the limitation of damages prior to and during incidents which may set the company´s existence at risk, is the answer. We provide full-service support on implementing an emergency- and risk organization in your company.
In addition to a danger- and damage-incident-oriented view, our assessment of risks and weaknesses includes interdependencies, dependencies and availability-requirements to be considered. Critical business-processes are assigned a critical service-level. A risk-matrix is created to assess critical risk-potentials in consideration of the severity of damage and the likelihood of an incident. This approach provides for an identification of potential hidden or underestimated risk and the effectiveness of the security measures already implemented. This instrument is the basis of your decision on whether to avoid, minimize, transfer (e.g. by an insurance-plan) or consciously accept a risk.
The purpose of Emergency-Prevention-Planning on the one hand is to defend oneself against and to minimize damage and to keep crucial processes running within the company on the other hand as it is not just damages as such harming the company, but moreover the unavailability of services, production and revenues which may emerge as a consequence of the stand-still itself. Emergency-Prevention-Planning is your key to limit the consequences of primary damages at an acceptable scale. Therefore, we identify the processes of crucial nature concerning the business operations and minimize the risks threatening these processes. That being executed, we are drafting the action plan for the restart of your business-processes.
Partial or full redundancies are the most effective and cost-intense measures. Our business continuity planning considers the principle of adequacy as we recommend a hands-on approach providing the best increase in security available for your individual budget. For bridging emergencies, person-based and organizational emergency-measures are to be considered which offer to bridge emergencies for a certain time. How and at what cost regular operations can be returned to in the aftermath, (e.g. by using a spare data-center) must always be considered. So called “single points of failure” are under protection by an enhanced preventive security level, if not already covered by a single category of measures.
Concerning the scenarios drafted and graduated, the reactions preventively planned are documented, where directives and checklists are especially considered, as such provides for being able to act efficiently and securely in regard of the various scenarios and target groups affected.
Where we are implementing an emergency-prevention-planning, it´s designed as a process. The assessment of security risks and of the adequacy of the measures and targets yet existing is executed along with our client´s management´s target-definition. The next step taken is then to plan and execute new measures. After that, the management will reissue targets in consideration of these results, which starts the process over again.
Manufacturers of IT (hardware/ software), IT-service-providers, private- and commercial end-users all are subjects to legislation as e.g. the Commercial Code, Basel II, Telecommunications Act, Share Companies Act, Limited Liability Companies Act, SOX, Legislation on the Keeping of financial books, Control- and Transparency Act, Works Constitution Law etc. Emergency-prevention-planning requires the legislation mentioned to be considered to the same extent as e.g. the legislation applying to contracting, product liability, product safety, risk management, liability for premises and data protection. We are your guides through this “jungle”.
We contribute to the constitution of a crisis team from the employees of your company. With a solely responsible experienced leader present, fast decisions can be made and executed under high pressure and with united forces, then. Any contact with public authorities as well as Information to the public, however, should happen in a way minimizing damage to the company. We are designing the plan on how to act in a crisis situation (premises, material, communication equipment) and periodically train your staff for their tasks in cases of incident.