J.D. Fox Exec offers professional services to develop, implement, and maintain an Information Security program and/or Business Continuity plan. Both of these services include Disaster Recovery planning for your information technology (IT) system.
In general, the process includes:
- Creation of governance documents, management plans, written policies, operating procedures, and risk management documentation, in close coordination with your company's goals and objectives.
- Implementation of your Information Security program and/or Business Continuity plans as a project.
- Development of tracking systems for monitoring performance metrics; systems for routine review of policies and input data; and procedures for reviewing, updating, and testing your plans. You can choose to engage J.D. Fox Exec to perform this maintenance after the implementation project is complete, or rely on your own personnel.
If your company has neither an Information Security program nor a Business Continuity plan, developing both together will greatly improve efficiency and return on your investment, as there is significant overlap between the two processes.
Implementing either or both of these programs will enable the following immediate benefits:
- Improved value for your investments in information technology, whether it be hardware purchases, software license purchases, or software or cloud services subscriptions.
- Reduction of risks to Information Security and Business Continuity to acceptable levels. Specifically:
  - Likelihood and impact of data breaches and system outages will be minimized.
  - In case of significant hardware or software failures, human error, or malice, your information systems will remain operational, or can be restored within specific time limits that meet your company's specified tolerance levels.
  - If information systems cannot be restored within established time limits due to extraordinary calamity, an effective Business Continuity plan will be in place to ensure critical functions can be restored in time to avoid permanently going out of business.
By managing Information Security and Business Continuity at the executive level, your business will enjoy these additional benefits:
- Documented evidence of methodical and doctrinal due diligence and due care that enhances the value of your business on behalf of company shareholders, employees, and creditors.
- Meeting requirements for service-level agreements you may have with your customers or partners.
- Compliance with laws and regulations that impose civil and possibly even criminal penalties on businesses that fail to meet minimum standards for Information Security and Business Continuity readiness (depending on the type of business and the circumstances).
Building and benefitting from Information Security and Business Continuity programs is a team effort. When you engage J.D. Fox Exec, here is what you and your business will need to do:
- Get a commitment from your company's top management to develop and maintain formal Information Security and Business Continuity programs.
- Provide a clear and complete Master Business Plan, including your company's Objectives and Activities Statement, as well as a description of risk tolerance thresholds for Information Security and Business Continuity.
- Allocate appropriate time, money, and resources. When you work with J.D. Fox Exec, we will start with a feasibility study, with minimal initial investment, to determine the most profitable way to proceed. If initial analysis reveals that the investment required for proper development of these programs cannot be expected to add sufficient value to your business (based on the extent to which we can expect to lower expenses or mitigate or prevent losses due to identified risks), then we will not proceed, and you will have achieved the objective of performing due diligence and will have documented evidence that your risks have been evaluated and properly accepted as they are.
- If we proceed, then once the program charters are written, you must ensure that the implementation projects are provided the required resources, and that the authority of those assigned roles and responsibilities to implement the projects is communicated to relevant department heads, so that the projects proceed as planned without impediments.
Ample details, guidance, and samples will be provided upon commencement of our Business Systems Management contract.
Services provided by J.D. Fox Exec complement your Enterprise Risk Management Program. If you don't have one, then engaging J.D. Fox Exec will get you started with the most important aspects, and we can accomplish quite a bit with just that part of it.
Ideally, a mature organization will have a fully developed and documented Enterprise Risk Management program, including the additional components listed below. Formal management of these is not included in the above service offerings, due to our focus on Information Security and Business Continuity.
- Market Risk, which involves anticipating changes to the makeup of your customer base and their tastes and demands, changes to the availability and pricing of your inputs, and threats to your market position by emerging competition or existing competitors' initiatives.
- Compliance Risk, for management of laws, regulations, and rules that apply to your business.
- Financial Risk, for assessing the risks to various positions of your financial resources as invested in cash, equities, or other financial instruments (in some contexts, especially financial firms, this might be called Market Risk).
- Accident Prevention and Emergency Response Planning.
As for compliance, the relevant compliance factors are included in Information Security and Business Continuity planning and management services provided by J.D. Fox Exec; however, comprehensive Compliance Risk Management is not offered. Also, Disaster Recovery and Business Continuity of course will be coordinated with any emergency response procedures you have in place.
And in any case, all of our activities in developing Information Security and Business Continuity will be coordinated with any objectives, constraints, and controls applicable from all risk management activities your business performs.