prepares your organization for a broad spectrum of unplanned events, from cyber attacks to other disasters, that would otherwise impact your productivity, reputation, and bottom line. It’s a concrete plan to ensure you and your team are prepared to respond when needed with speed, accuracy, and confidence.
Step 1: Diagnose Resilience
The Resilience Diagnostic quickly defines and prioritizes preventable risks, synthesized from a comprehensive set of industry compliance frameworks for Data Protection and Privacy, including GDPR, HIPAA, ISO, NIST, and others.
How long does Step 1 (the Resilience Diagnostic) take?
Depending on your organization’s size and complexity, typically 40-60 hours. No one wants to bring a tank to a knife fight, so the Resilience Diagnostic defines what your organization needs and what it doesn’t in two primary deliverables:
- Resilience Strategy: This is a concrete, step-by-step guide to quickly, practically, and efficiently eliminate your most preventable risks.
- Information Security Policy Set: This is a complete set of policies custom-designed for your organization’s unique requirements and culture.
Step 2: Establish Resilience
Working with your in-house IT or providing our own trusted experts, we implement the Resilience Strategy in this step to eliminate preventable risks and prepare you for a broad spectrum of unplanned events.
How long does Step 2 take?
Typically between 4 and 8 weeks, depending on what we learn from the Resilience Diagnostic in Step 1 and the size and complexity of your organization.
Step 3: Sustain Resilience
In this step, we create the Resilience Sustainability Plan, an annual calendar of events designed to make sure the work we’ve done so far on the Resilience Strategy and Information Security Policy Set maintains its value over the long term:
- A Resilience Awareness Training schedule (twice a year, for example) designed to reinforce positive cultural integration of the Resilience Strategy and Information Security Policy Set.
- Tabletop exercises – once or twice a year, we sit down and do a dry run, which gives the team a great opportunity to get familiar with the steps involved in responding to a crisis.
- Annual review of the Resilience Strategy and Information Security Policy Set to ensure these continue to adapt to changing data protection and privacy laws, an ever-evolving risk and threat landscape, and your organization’s needs, growth, and continued success.