Threats to business are dynamic, ranging from compliance to intellectual property, physical to logical, and supply chain to sustainability, and there are always Unknowns amongst the Knowns. Organizations operate to realize business objectives by accepting calculated risks to create value for customers; however, many fail to achieve their mission by leaving risk management to compliance & governance functions. Monitoring, controlling and mitigating risks cannot be left to a single person, department or function; instead, an overarching culture should be developed and stimulated so that risk management trickles down to each stakeholder.
The underpinning resolve of our consulting services is to support customers in doing what they have been chartered to do, while we work with organizational risk owners to monitor, track and evaluate the impact of changing circumstances and varying priorities in the business life cycle.
Enterprise Security Risk Management (ESRM) is about ensuring that all stakeholders appreciate their role in security risk management through well-defined processes to protect and enhance business value. We believe that a sound understanding of the ecosystem of an organization and its facilities is impacted by composite factors, i.e. leadership focus and culture of security, business processes & integrated management systems, engineering & technology and, above all, a consolidated model that connects the parts to a whole and assures the ultimate outcome, i.e. profit protection. Therefore, we support our clients in identifying major risk exposures and evaluating their significance to predict the total risk profile of the enterprise. This includes financial, infrastructure, marketplace and reputational risks.
Research and due diligence to identify risk exposures and broader context of the organization.
Facilitating structured and interactive security risk identification workshops.
Asset classification and criticality evaluation.
Quantifying the probability, impact and uncertainty of risk exposures.
Identifying risk controls, assessing their effectiveness, and recommending practical cost-beneficial risk reduction improvements.
Technical risk analysis to advise on the optimum structure and levels of security risk mitigation and program management.
The cornerstone of Resilience is a risk-based framework of Plan, Do, Check and Act that supports everything from preventive planning to performance optimization through periodic performance reviews and project risk analysis. The historic implementation of policies & procedures has been replaced by a two-dimensional approach of defensive & progressive initiatives based on the 4S model of Foresight, Insight, Oversight and Hindsight.
We work with our customers to establish the foundation and maturity model for business resilience, developing an overarching Security Strategy and Implementation framework using tools such as the Balanced Scorecard (BSC), Management by Objectives (MBOs) and Key Performance Indicator (KPI) dashboards. Through in-depth horizon scanning, analysis of the specific organizational context, vision, mission & objectives, and collaboration with business stakeholders, bespoke solutions will be developed, implemented and monitored for effectiveness against a changing risk spectrum.
Physical Security Risk Assessments
In line with international best practices and recognized standards, physical security risk assessments are conducted through assessment questionnaires, facilitated workshops, site tours and tabletop scenario simulations. The outcomes of these assessments are presented via an executive summary and detailed reports, and value-added training is provided as part of the project so that the risk register can be monitored and updated through periodic reviews.
Security Surveys & Physical Penetration Testing
Changes in business priorities, roles & responsibilities, use of facility, and procedural variations can inadvertently lead to breaches in security program performance. In furtherance of facility and operational risk assessments, surveys, audits and penetration testing are conducted to identify protection system vulnerabilities and exploit opportunities for improvement. The value of such surveys is delivered through a set of observations and recommendations aimed at identification of gaps, as well as response measures mapped to a performance management system for continual improvement.
Organizational / business needs assessment.
Emergency / disaster criticality analysis.
Crisis communication management.
Crisis management team and plan development.
Emergency response procedures development and exercising.
Liaison & Coordination with mutual aid partners and rescue agencies.
We support our customers’ focus on business continuity management by understanding their strategic, tactical and operational tiers of activities and incorporating them within the security risk management framework. The outcome is a robust system that ensures all critical business functions and processes have been reviewed and validated for business continuity planning.
Business impact analysis (BIA)
Risk assessment (RA)
Disaster recovery planning
BCM plan development and maintenance
Exercise & scenario development
BCM program documentation
Review, testing & training
The rewards of an ISO management system to any organization, function or business unit need no explanation, and if established, implemented and maintained in true spirit, such systems can be used as a single platform to integrate business processes and objectives alike. Annex SL has further unified the high-level structures, and integration is easy, quick and objective.
We support our customers in realizing their objective of achieving Operational Excellence through the deployment of management systems. This is achieved via facilitated workshops, focused group sessions and individual assignments to members, aimed at enhancing their understanding of core business functions and role modelling of interoperability. Further, we facilitate and conduct third-party audits to gauge awareness and degree of implementation prior to certification body audits.
ISO 9001 – Quality Management System
ISO 45001 – Health & Safety Management System
ISO 22301 – Business Continuity Management System
ISO 31000 – Enterprise Risk Management System
ISO 28001 – Supply Chain Security Management System
ISO 18788 – Security Operations Management System
PSC1 – Management System for Quality of Private Security Company Operations
PSC3 – Maturity Model for Phased Implementation of Quality Assurance
INV.1 – Investigations
RA.1 – Risk Assessment
ORM1 – Security & Resilience in Organizations and their Supply Chain
PAP1 – Security Management Standard Physical Asset Protection
WVPI.1-2011 Workplace Violence Prevention and Intervention
The Art & Science of Protecting People & Profits