Risk and Continuity

Achieving an effective return on investment (ROI) on risk spending and effort, while ensuring that any risk mitigation measures are just right, is a key challenge for business and government. Business Aspect assists clients in managing risk to achieve an ROI and to ensure appropriate levels of risk mitigation in the areas of:

  • IT Risk and Governance
  • Information Security
  • Business Continuity
  • Disaster Recovery

As industry-leading management and technology consultants, Business Aspect security, risk and continuity specialists exhibit the strongest of analytical, communication and interpersonal skills across client engagements within Australia and internationally. Our past experience in technical roles, in combination with our proven business acumen, equips us for the most complex of client situations. This experience extends from hands-on technical skills to business-oriented risk advisory services. Our clients typically leverage Business Aspect for quality outcomes including:

  • Complex risk assessment – we assist clients in determining appropriate control requirements based on risk assessment. This often includes the development of risk frameworks and associated tools and processes.
  • Information security strategy – the development of a strategic roadmap to deliver security and risk outcomes based on moving to a target state by addressing areas of risk on a priority basis.
  • IT risk framework and policy, standards and guidelines – assisting clients in the development of a good-practice, standards-aligned policy framework and associated policy, standards and guidelines.
  • Integration of risk-based processes into project and development lifecycles – working with our clients to embed processes that ensure appropriate risk management and security assurance are achieved during ICT change, through the development of policy, process and key triggers for risk-based processes.
  • Cloud and outsource provider review and assurance – working with our clients to review and assess cloud solutions and providers and their ability to meet client information security and availability requirements. Review and development of service level agreements to manage client risks. Independent review of available market cloud solutions and providers.
  • Standards compliance and roadmap development – we undertake a gap analysis against standards and provide a pragmatic and achievable roadmap for moving towards alignment, compliance or certification. Standards may include: the Australian Government Protective Security Manual, the Information and Communications Technology Security Manual (ACSI 33), ISO 27001/17799, IS18, AS/NZS 5050 Business Continuity, HB 292: 2006 - Handbook and Practitioner's Guide to Business Continuity Management, APRA - Prudential Standard APS 232 - Business Continuity Management.
  • Business continuity management – we consult with the highest levels of the business to truly understand the business requirements for continuity of operations, typically through a formal Business Impact Assessment (BIA). This often leads to performing a review of the organisation’s ability to meet these requirements and providing specific recommendations to address any gaps.
    Business continuity plans are developed in alignment with an overall framework and are designed to allow the business to continue critical functions, including maintaining key dependencies, such as people, facilities, IT, communications and information.
  • Disaster recovery planning – we undertake a review of the organisation’s current ability to meet ICT service continuity requirements, such as IT recovery timeframes that may be the outcome of a BIA. In turn we guide customers on closing any gaps in their recovery capabilities on a priority basis – normally risk-based.
    Next, we develop pragmatic and manageable plans and associated tools for managing recovery from an IT-related disaster event, which often leads to training and testing of plans, from desktop scenario testing through to full IT failover testing.
  • Change and Communications – as part of broader enterprise risk, continuity and security management activities.

In summary, Business Aspect information security, risk and continuity consultants are leaders in their respective fields, and this is backed up by their past experience as well as industry-level qualifications and memberships. Meet the head of our Risk and Security practice, Brendon Taylor.