A continuity plan identifies the risks and threats to business continuity and provides advice on how to manage them and on how to develop good practices.
The most important functional elements in a continuity plan are management, communication, situational awareness and advice on how to manage disruptive incidents. An absolutely crucial part of this are all matters relating to information security and cyber security. A continuity plan deals with and gives instructions on concrete technical and functional matters. The aim is for these guidelines to become part of the daily functioning of the business and they have been designed to eliminate risks to the business operations also as a preventative measure during normal operation.
The aim of crisis management training is to test the viability of plans, develop the company guidelines and the knowledge and skills of the staff and to increase the number of employees capable of different tasks. With a well-planned and determined training plan in place, all of these areas can be improved. By varying the training focus and assigning responsibility to different people during different sessions, we can improve the overall skill level and can thus ensure that the number of people with disruption management experience increases.
In the training and during the exercises, the main focus is management process training, crisis communication which supports it, as well as situational awareness. Key components are seamless communication within the company and with its main subcontractors, cooperation partners and the authorities.
In an emergency situation, the amount of information and the need for communication rises dramatically. In order to enable efficient management, it is crucial to ensure that the majority of the messages can be dealt with outside the management. The information needs to be verified and there must be a way to monitor the follow-through of assigned tasks.
We give guidance and train businesses to create a way to assess their situation that suits them which they then can proceed to use. The suitable approach is dictated by the size of the company.
A company's crisis resilience often depends on its service providers' or suppliers' ability to manage disruptions affecting their own businesses. Therefore a company's own continuity planning may not be sufficient, which means that the plans and preparedness of the company's key service providers should be brought to a sufficient level. We assess, on behalf of your company, how able your subcontractors are to manage serious disruptions and create, as a result, a continuity management development plan for the subcontractor.
We provide information security planning related to continuity planning for companies and different types of exercises and testing with the aim to enhance IT security. We view information security widely as including security management, physical safety and technical information security according to the requirements of the national auditing criteria (KATAKRI) and ISO27001 standard. We make information security and its management a seamless part of business continuity planning for your company.
We design and develop security and information security management systems and assess and audit them. Based on the assessments and audits, we make development plans and lead development projects. We assist with the drafting of security agreements and help companies obtain security clearances such as Facility Security Clearance (FSC) and Document Safeguarding Capability (DSC).
Crisis communication is an intrinsic part of managing disruptions. We help you make plans for developing your crisis communication and provide help with practising how to communicate during disruptive situations. We help your management improve their presentation skills by preparing them for interviews and briefings. We provide the management with insight into the impact that the media has on managing the company.
Instead of one-off exercises or planning commissions, we can take on continuity planning for your company as a service. Such a service can, for example, entail the coordination and reporting to management of company security and continuity management tasks and creating a development plan, as well as coordinating the development activities and reporting of the progress. Where required, we also support the management with the decision making and leadership during crisis situations. What the service entails and to what extent is always discussed separately with each individual client.
Efficient continuity management is based on sufficient knowledge of the threats to business operations and company assets. Once the risks are known, it becomes possible to act appropriately. After agreeing on the focus of the risk assessment, we identify risks together with the company's key personnel and assess their possible impact and probability. Based on the results, we will create a risk chart which will help us assess how well critical risks are being managed at the moment and what developments are needed. The risk assessment will provide us with a concrete plan of action with a defined goal, tasks, schedule, allocated responsibilities and follow-up of results.