Manufacturing
Building Products
Risk Masters was retained to assist in the development of an overall Corporate Business Continuity Management Program for a building products company. More specifically, we were engaged to identify critical business processes and a strategy for continuing them in the event of major disruption at their corporate data centers. This project was a refresh of a similar project performed five years earlier by the Risk Masters team.
Heavy Manufacturing
Risk Masters has performed Information Technology Infrastructure Assurance services for an internationally known manufacturer. The review consisted of identifying single points of failure, major concerns, and systems and infrastructure availability. The data center electrical utility servicing the client's IT infrastructure was reviewed by conducting interviews with the facility, IT management, and associated vendors and consultants. Relevant infrastructure documentation was also reviewed. Risk issues within the data center infrastructure were identified, and solution recommendations offered that included enhanced test procedures, changes to power and IT infrastructure and architecture, and changes in operational processes.
Oil and Gas
Risk Masters assisted a major Middle East oil and gas producer with a year-long Business Continuity Management project, both on-site and remotely. We led the effort to develop a Business Continuity Management program, including preparing Business Continuity Plans for all processes from the well-head to the tankers. We also helped the client to develop IT recovery procedures, including the definition of a strategy for recovery from cyberattacks.
Defense
Defense Contractor
Risk Masters was engaged in assessing the current state of a defense contractor's DR planning and execution capabilities. Based on that assessment, we assisted this client in developing a DR architecture for alternate locations, servers, storage, the inter-data center DR network, applications, staffing, and governance. The project required close cooperation with many of their lead internal technical specialists, architects, and vendors. In particular, there was participation with the Disaster Recovery Operations function to achieve the highest skills transfer level. Risk Masters also delivered a detailed cost analysis of the proposed solution architecture. We were also asked to develop an interim DR testing process for the initial applications migrated to the Enterprise Data Centers.
Aviation
Risk Masters professionals assisted this client in performing an extensive table-top exercise of its IT Disaster Recovery Plan. Planning for the event required two months of work. The actual exercise spanned three days and included 41 modules, including the overall management plan, recovery of infrastructure, and all applications deemed critical.
Services
Household Services
Risk Masters assisted a nationwide service organization with a wide range of Business Continuity related services. This company provides plumbing and home repair services to subscribers across the United States. The assistance Risk Masters provided to this client included a Current State Assessment of their overall Business Continuity and IT Disaster Recovery preparations, Risk Assessments of the business locations and both their data centers, a Business Impact Analysis and a Business Continuity Plan for all business and IT functions and development of a Business Continuity Management Handbook for assigned management personnel.
Security Products Distributor
Risk Masters assisted a security products distributor in building a Business Continuity program. The project included a Business Impact Analysis of all business processes in its offices around the United States, Risk Analyses of its hub offices, development of Business Continuity Plans for each office, and development of corporate Crisis Communications Plans. Risk Masters assisted this client in establishing testing and maintenance programs. We were then retained to develop an IT Disaster Recovery capability for the company, including developing templates for functional and technical Disaster Recovery Plans and facilitation of testing.
Service Organization
Risk Masters professionals assisted this client in establishing a fully replicated on-line service environment in only 60 days. The work included assistance with the assembly of a fully equipped DR site for the client's key operational system with connectivity to both its production data centers. The client also received a Functional DR Plan describing the steps that would need to be taken to recover the services provided by the system, from the time of a disruption of service in a production data center through the restoration of stable client service. They also received a Technical DR Plan giving the specific instructions to be executed in recovering the system. We also oversaw a test of the resilience of the system.
Educational Services
This client determined that its current architecture for Midrange disaster recovery was no longer fully aligned with its business requirements. Therefore, it sought to redesign its current strategy and architecture for DR for critical applications to be restored within established Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). Risk Masters assisted the company in developing a logical technical model in a manner that it could implement the solution at any offsite recovery location. The model was a design for recoverability that describes the server, storage, and communications requirements for recovery within the client's business requirements.
Health Care
Hospital
A large diversified regional healthcare provider retained Risk Masters to assist in developing an overall IT DR Architecture. Specifically, Risk Masters was asked to evaluate architectures for their Mainframe and Windows server environments as well as for their extensive Unix-based infrastructure and provide analysis of their suitability for achieving their organizational recovery objectives. The client gained significantly improved focus on its priorities for developing supporting data for internal capacity planning, and business case construction for major new capital spending plans supporting DR. Potential projects and their impact on DR decisions were crystallized feasibility impact on capital budgets.
Government
Provincial Government
A provincial Parliament retained Risk Masters to perform a complete Business Continuity Management project including a Current State Assessment, a Business Impact Analysis, strategy definition, development of a Business Continuity Plan, training, testing, and maintenance. The successfully achieved objective of the project was to enable the Parliament to sit within two weeks of a disaster that might incapacitate only the Parliament buildings or one that might affect the entire region around the capital.
Government Agency
A government agency retained risk Masters to perform a Risk Assessment, Business Impact Analysis, and Continuity Requirements Analysis for its Headquarters operations. Risk Masters' delivered a set of recommendations describing the client's business and technology requirements for operational recovery. To achieve this, the BIA process measured financial and operational impacts resulting from a carefully defined business disruption scenario. Business impact measurements were estimated through interviews conducted with business application owners and an assumed worst-case disruption.
Pension Fund
Risk Masters has assisted a statewide public pension system with a Gap Analysis of its IT Disaster Recovery capabilities compared with its business requirements as stated in a recently completed Business Impact Analysis. We also performed Risk Assessments of its headquarters location, its Disaster Recovery site and its branches around the state. We also provided classroom training for its staff in IT Disaster Recovery Planning and in Risk Assessment.
Crown Corporation
Risk Masters assisted a Canadian Crown Corporation with an extensive Risk Assessment of all their nine business units. We also performed a Business Impact Analysis of potential business interruptions. To enable the organization to be self-sufficient in the future, we documented our methodologies for Risk Assessment and Business Impact Analysis and trained their people in the application of these methodologies.
Financial Services
International Bank
This client retained Risk Masters was asked to evaluate the effectiveness of their Information Security and Risk Management function, which also included responsibility for Disaster Recovery, Business Continuity Management, and physical security. The review consisted of an analysis of management's priorities for the function, a gap analysis of the activities of ISRM with those expectations, and recommendations for improvement. The recommendations were based on Risk Masters' understanding of industry-accepted practices, standards, and our experience with other similar organizations.
Super-Regional Bank
Risk Masters performed a number of projects for this super-regional bank. They included planning for hurricane response, assisting in assessing and restructuring the bank’s Business Continuity Management function and performing as acting Business Continuity Manager. Working with the Information Security function, we documented the methodology for RBAC and assisted with the planning for RBAC using SailPoint as the tool of choice.
Community Bank
For a New Jersey community bank, Risk Masters assessed the bank’s compliance with FFIEC disaster recovery requirements for a newly acquired backup data center facility. We also updated the bank’s DR plan documentation to reflect the “to-be” recovery strategy targeting recovery to this new data center.
Commercial Bank
Risk Masters was retained by this major mid-market full-service bank to perform a series of projects over a two-year period. Risk Masters was engaged in the first instance to evaluate the bank’s Business Continuity Management (BCM) preparations and develop an implementation plan for the suggested enhancements. We developed a governance structure for BCM, created BCM policies, standards and guidelines, performed a Business Impact Analysis and a a Risk Assessment of their three main operating locations. Finally, for a nine-month period, we served as the acting manager of BCM.