What we do
Risk and compliance management
Some clients approach us because IT is keeping them awake at night with worry. All modern businesses are dependent on IT, there are increasing cyber and security threats, and regulatory and other compliance issues. But the IT guys rarely speak the same English you do!
Cybersecurity risks are increasingly prevalent and we meet clients whose businesses have literally been brought to a standstill by online attacks. But risk and compliance management is a difficult area to get right and there is no end to the money you could spend on hardware, software and advice.
“We can present issues and options in business terms to allow the senior team to assess the real business risk, your own appetite for risk, and to decide what to do and put in place a plan.”
Frequently we work with companies where the internal IT team are frustrated by what they see as management inaction, because the IT managers are unable to explain the issues to the Board in language they understand and to distinguish between real business threats and nice-to-have’s.
Compliance and risk issues can be extremely complex and people who don’t have an IT background typically don’t have enough time to fully understand the details and make an assessment of what is sensible and what is not. We are unique because one of our Principals can get involved in every aspect of your IT from servers and infrastructure to bespoke software, can understand your business, the demands of your sector, your processes and data, your client and supplier contracts. We can present issues and options in business terms to allow the senior team to assess the real business risk, your own appetite for risk, and to decide what to do and put in place a plan.
All our Principals have wide experience of common regulations and expected practice and where we need to we have excellent links to experts in legal issues and specific technical risks areas.
We also frequently help clients with business continuity planning so that they have well thought out and rehearsed plans in case the worst does happen. Again, companies of different sizes and in different sectors need very different plans. Our clients include 24/7 critical service providers who need to ensure continuity in every circumstance, but we also have clients who are smaller consultancies looking for simple solutions based on home-working.
Our clients also include high-profile online services who are subject to sustained cyberattack, but also traditional companies who simply need up to date antivirus and sensible ways of working.