Resiliency Services

Our services and products address the entire resiliency management lifecycle, from assessment to planning, program development, various plan development, testing and exercises, training and education, and finally to post incident analysis. In direct collaboration with our customers, we define custom resiliency and continuity management programs comprised of one or more of the following components:

Preparedness and Resiliency Assessment

Disruptive events continually affect operational capabilities of organizations and systems that they depend on. To make the most effective use of limited resources, it is critically important to understand the strengths and weaknesses of your current continuity and resiliency capabilities. Preparedness and resiliency assessment assists you in measuring and comparing the maturity of your existing capabilities against best practices (e.g., BCI GPG), formal frameworks (e.g., Resiliency Management Model – RMM), national and international standards (e.g., BS25999), federal specifications (e.g., PS-PREP), or a tailored combination of these specifications. Such assessments will establish the foundational recommendations and associated roadmap to move your resilience activities forward.

Enterprise Risk Map Development

One of the unique capabilities that the IT Cadre resiliency practice offers its customers is the development of an enterprise-wide risk map which characterizes all the areas across the entire organization (including processes, people, technology, and operations) where risk is present and where the enterprise should make an explicit decision as to whether any preparedness planning activity is warranted. The subject risk maps are developed individually and uniquely for each organization and it is presented in a single visualization-based artifact. Once developed, this risk map can then be utilized for other purposes, such as colored heat-map depicting degree of unmitigated risk across the enterprise, graphical tool to illustrate areas needing tactical (short-term) and/or strategic (long-term) improved preparedness planning, and communicating organization’ s progress toward higher resiliency and lower risk profile.

Strategic Planning

Most organizations benefit from identifying, documenting, communicating, and beginning to execute an overall enterprise-wide (often multi-year) strategic plan as a critical guiding principle for when, where, and how to invest (or redirect) resources for a variety of preparedness planning activities, operational risk management efforts, and obtaining necessary tools, infrastructure, and services. Our resiliency practice helps our customers develop and document cost-effective and comprehensive preparedness and resiliency strategy, designed to meet their unique business and operational needs. Development of such overall preparedness and resiliency strategies is a fundamental step for any organization interested in improving its resiliency posture in a structured and cost-controlled manner. We utilize our proven techniques that are grounded in fundamentals of systems engineering, risk management, and abidance to national and international standards, to assist our customers in such endeavors.

Continuity Program Development

Strategic plans and enterprise-wide plans can only be fruitful if they are executed by a well crafted and well managed program; a program with actionable schedule, well defined cost profile, and measureable performance and progress. IT Cadre’s resiliency personnel have extensive hands-on experience with establishing enterprise-wide continuity and business resiliency programs consisting of a such components as: governance  and compliance; risk management; policy and command-media framework; education, training, and awareness; reporting and communications; executive support and oversight; financial planning; program management office functions;  roles and responsibilities for preparedness plan development, executions, testing, and updating; assessments and audits; etc. Our experienced personnel, with the direct involvement of our customers, commit to developing an enterprise-wide continuity and business resiliency program that will result in an increased operational resiliency posture through technology infusion, process unification, standardization, automation, and training, while balancing affordability and risk management.

Continuity Program Management

When desired by our customers, we partner with them in the implementation of their organization’s continuity and business resiliency program and associated activities. Such engagements could vary anywhere from day-to-day execution of the program with assigned dedicated subject matter experts, to intermittent but regular engagements for plan maintenance and updates to as-needed interactions for unique services such as assessments, audits, drills, and post-incident analysis and corrective action development. These services are highly tailored to best match the needs of the enterprise and the associated continuity and business resiliency programs that have been put in place.

Business Impact Analysis

Business Impact Analysis (BIA) is the process of analyzing business functions and the effect that a business disruption might have upon them. It prioritizes business processes by assessing the quantitative and/or qualitative impact that might result following a business disruption. BIA identifies vital business functions and their dependencies. These dependencies may include suppliers, personnel, other business processes, IT services, etc. When applied to an IT environment, BIA identifies the recovery requirements for IT services. Examples of such requirements include Recovery Point Objectives (RPO), Recovery Time Objectives (RTO), minimum service level targets, etc. BIA is a fundamental step in any business continuity planning process. Our approach to BIA, in addition to identifying the organization’s critical business processes, characterizes interdependences between these processes and their dependencies on the enterprise’s key assets (people, technology, information, facilities, and supply chain). We will ensure our BIA outcomes enable the organization and its decision makers to make optimum determinations of the scope of required preparedness planning activities, with an eye to efficient utilization of scarce resources.

Risk Assessment

Resiliency and risk management are inseparable. Operational resilience of an organization is directly related to its ability to identify, analyze, and mitigate operational risks. Given that the overall risk environment continues to be dynamic and expanding (i.e., number, type, and complexity of risk has been increasing), traditional tools, techniques, and methods may not work in such an environment. We assist our customers with efficient and proven approaches to successfully navigate the entire risk assessment process of risk identification and documentation, risk analysis, risk categorization, risk prioritization, risk disposition (e.g., avoidance, acceptance, transfer, mitigation, reduction), and risk tolerance and appetite determination.

Advisory Services

Our customers operate in an environment where the operational risk and threats are changing at an ever increasing pace, the geopolitical and economic landscape continues to be in turmoil, and technological advances continue to accelerate.  Keeping abreast of the relevant developments in such areas in a timely, efficient, and cost-effective manner is, therefore, critical to the continued success and improvement of any organization’s preparedness planning and resiliency management activities. Unfortunately, however, most organizations are not in a position to keep track of, and stay up-to-date with all necessary topics and relevant areas. Our continuity and resiliency advisory services are an attractive alternative for organizations who are interested in keeping abreast of the latest news, developments, advances, threats, incidents, trade studies, and lessons learned in a timely, efficient, and cost effective manner. Our continuity and resiliency services are customized to the needs of each customer and their business environment that they operate in.

Education / Training

Developing, maintaining, and exercising quality preparedness plans and associated supporting tools and processes are absolute necessities for organizations’ operational resilience; however, they are not sufficient. Even the best strategies and plans will fail to deliver desired outcomes if an organization’s employees, decision makers, and subject matter professionals have not been properly made aware of policies, guidelines, goals, important behaviors, skills, and matters that they should watch for. Our resiliency practice personnel have extensive background and experience in developing and delivering comprehensive sets of awareness (e.g., for general employee population), education (e.g., for executives and decision makers), and training (e.g., for continuity and resiliency professionals) in public and private settings. Our education and training services are designed to deliver both general purpose instructions suitable for most organizations, and also instructions that are unique to each organization’s mission and their specific resiliency strategy and preparedness plans.

Incident Root Cause Analysis

One of the most challenging (and rewarding) endeavors in the overall resiliency management lifecycle is to the ability to make relevant observations and perform accurate data collection during and shortly after occurrences of disruptive events. If performed properly and in a timely manner, such activities will lead to valuable lessons learned and implementation of corrective and preventive measures as part of a continuous improvement process. In addition to preparedness planning activities, we enable our customers, in several critical ways, to successfully deal with disruptive events, both during and after such occurrences. In particular, we offer such services as monitoring of the incident response, measurement and data collection during the incident, post-incident review, root cause analysis, corrective action/preventative action (CAPA) analysis, and plan updates.

Please contact us to learn more about our resiliency services and how we might be able to assist you in your preparedness planning activities and to increase your organization’s operational resilience.

IT Cadre is a Veteran Owned Small Business (VOSB)

copyright © 2011 IT Cadre