Information Security Management
Cyber-attacks can be expensive for a company through monetary and reputational loss. According to the B2B International 2013 Survey, the average cost of a breach is estimated at $649,000 for large companies. The costs for SMBs range from $50,000 up to $96,000.
Information Security is no longer the domain of IT Professionals. The importance of IT for businesses of all sizes and industries cannot be denied. The growth of IT in business requires that managers understand the risks associated with technology. In many cases the knowledge of these risks remains within the IT department or is not clearly articulated to business management. The solution is to implement a management framework such as COBIT, NIST/FISMA, or ISO 27001.
ISO 27001 is a business-oriented standard for managing information security in an organization. It is a risk-based program focused on assessing risk, defining impact, and obtaining management buy-in to harmonize risk with the needs of the business. Implementation of ISO 27001 can demonstrate that management is involved in the information security process and is aware of the needs of the customer.
Environmental impact is becoming more important to organizations in an ever-increasing regulatory environment and in a world where social media can make or break reputation. An environmental plan endorsed by management can reduce costs and liability, and bring an organization closer to the consumer public.
Establishing an ISO 14001 Environmental Management System can produce cost savings by reducing waste, increase visibility of environmental risks to management, identify compliance requirements, demonstrate commitment to improving the environment, reduce insurance cost, and increase customer and worker engagement.
Defective products can be expensive for a company through monetary and reputational loss. It is estimated that the cost is $500 billion to the US public in terms of injuries, deaths, and property damage as a result of defective products. Compliance with consumer protection laws is not enough in today’s fast-paced world of social media. Companies can take proactive steps to protect themselves from these losses by raising the bar through implementing a quality management program.
Our team can assist with implementing and managing an ISO 9001 program. ISO 9001 is the world’s best known quality management standard. It is a management framework designed to be flexible for any business from manufacturing, to services, to software. Reducing defects can increase customer satisfaction, reduce costs from wasted materials, and demonstrate that the organization places the customer’s interest in high regard, which could reduce regulatory action brought against the organization.
Business risk is everywhere. Many organizations use an ad hoc approach to risk. This results in inconsistent remediation and may leave gaps that expose the organization to loss and liability. Organizations seeking to move to the next level in risk management must implement standards that establish consistent processes. By establishing consistent processes, an organization is able to meet its objectives in a repeatable fashion.
ISO 31000 is a framework for managing enterprise risk. It does not cater to a specific industry or sector and is appropriate for operational and strategic risk. It can be tailored to fit the needs of any size or style of organization.
Business Process Improvement
CFOs and other executives are always looking for ways to improve efficiency, reduce costs, and increase customer satisfaction. Our team can improve organizational performance through process improvements, strategic sourcing strategies, inventory management, and contract management.
One method of process improvement is to implement LEAN Six-Sigma. LEAN Six-Sigma combines philosophies of Lean Manufacturing techniques and Six-Sigma quality to streamline operations, reduce waste, and increase value. It reduces waste and increases customer satisfaction by reducing defects and rework in both manufacturing and office-based processes. Our team has LEAN Six-Sigma certified personnel who can design a training and mentoring program, or lead an improvement project to completion.
Business Continuity Management
Disaster can strike at any moment. According to the Institute for Business and Home Safety, an estimated 25 percent of businesses do not reopen following a major disaster. Having a business continuity plan is extremely important to surviving a disaster event. A business continuity plan differs from a disaster recovery plan by focusing on the planning before a disaster and the steps taken after a disaster to continue operations. A disaster recovery plan focuses on rebuilding and restoring damaged infrastructure rather than the overall business.
Our team can assist with disaster preparedness and training. We follow the ISO 22301 business continuity framework to ensure that the major points that should be covered are covered. We can assist in gap analysis, sourcing vendors for temporary emergency workspace, and implementation of continuity plans.