Privacy Opportunity and Risk Assessment
We will help you take a snapshot of your critical privacy risks, so you
can focus your compliance efforts cost-effectively. We will also identify opportunities for you to enhance your customer
service, and cut costs by improving your information management practices.
We have extensive knowledge of the legal/regulatory context,
information security risks to privacy and privacy best practices, including Generally Accepted Privacy Principles and the Privacy Maturity Matrix. This
knowledge enables us to guide you through a process using questionnaires
and structured workshops to quickly identify urgent risk areas where you
have a gap between your privacy strategy and stated policies, privacy awareness
and actual practices.
Good privacy practices, based on principles and standards, should become
part of the way the organization routinely conducts business. If you want
is more dangerous than no policy), all affected groups (e.g. marketing,
sales, finance, human resources, information technology) should help develop
will require more effort than its ongoing maintenance, many organizations
will find that using external assistance is more likely to achieve effective
results quickly. An outside perspective can also be useful to challenge
assumptions and help you to think creatively about your information management
and customer relationship processes. We can facilitate the policy
development process with key executives and managers to develop privacy
and security policies that will be accepted and enforced.
Privacy Expert on Call
You can have a privacy advisor available 7 days a week to:
Advise and coach your Privacy Officer
Help you respond to customer inquiries or complaints
Alert you to breaking privacy news and events which you need to know
This is a cost-effective way for small and medium-sized businesses to
get expert assistance as needed.
Privacy Awareness Training
Your front-line staff are your first line of defence against customer
complaints about your privacy practices. They must know what your privacy
policy is, and be able to direct customer inquiries to the appropriate
individual. We can train your customer-facing staff, either on your site
or at our regular seminars, which are conveniently scheduled to minimize
downtime during the business day.
Security Risk Management
Many businesses are extending previously internal processes to suppliers
and customers via the Web, in order to reduce cycle time and cut costs.
The resulting security issues must be addressed within an integrated risk
management framework, which considers people, business policies, processes
and physical environment, as well as information technology. We can help you to identify critical assets, threats and vulnerabilities using
a structured workshop approach based on the OCTAVE (Operationally Critical
Threat, Asset & Vulnerability Evaluation) methodology, then work with
you to identify appropriate and cost-effective controls to safeguard critical
assets and protect client privacy.
Business and IT Strategy and Innovation
Business and IT Strategic Planning
Business strategies should leverage technology to support the business strategic goals. Too often business and technology strategies are developed separately, leading to missed business opportunities and poorly thought out technology investments. We can assist your organization in the development of a technology strategy using facilitated workshops with senior business and technology managers to determine future business requirements, establish guiding principles and the technology architecture and define the strategic technology work program. We can also assist with mobilization of the program, including program management structure, program risk management, resourcing and benefits management.
Business Process Innovation
Business Process Innovation involves rethinking and redesigning business processes to achieve breakthrough improvements with enabling technology. Process innovation therefore goes beyond either continuous improvement or simple automation, and anticipates significant organizational impact as well as high use of technology.
We have extensive experience in process innovation, including design of work structures and management systems, and in organizational change management. We use structured workshop sessions to refine the understanding of business goals, critical success factors and priorities for process innovation, and to set ambitious targets for productivity improvements. The workshops are then used as the foundation for system architecture and for structured rapid prototyping of new business systems.
Business Continuity Planning
Switch on any nightly news program, and you will encounter stories of
tornados, floods, earthquakes, hurricanes, severe winter storms, explosions,
train derailments, plane crashes, major fires, toxic spills, riots and
strikes. Could your business survive a natural or man-made disaster? Will
your customers understand and remain loyal if you are unable to conduct
business or meet your commitments for an extended period? Without some
form of contingency plan, a firm is relying on pure luck to weather any
disruptions or disasters it encounters.
We can help you plan for business continuity and disaster recovery. Our
skills include: risk evaluation, business impact analysis, the development
of recovery strategies and plans, awareness and training programs. We will help you develop a realistic and cost-effective strategy for
your organization, and a solid case for action to ensure that it is adopted
and implemented. We can provide implementation assistance, including development
of test scenarios and simulation exercises. Our service offerings are modular,
and can be used to support and complement your in-house expertise.
Education and Training
Security Training / Awareness Sessions
It has become a cliché that people are the weakest link in the
security chain. But they can also be your strongest assets, if they understand
the issues and are motivated to support your security efforts. We
offer customized on-site security training and awareness sessions for executives,
managers and business users of information technology.