TPComps is a leader in the field of business resiliency planning for small and medium businesses. Business Resiliency Planning is the combination of security, disaster recovery, and business continuity planning. Bringing these together in a combined plan gives you the ability to plan for a variety of unexpected events (e.g. systems crash, staff issues, building problems, supplier interruptions, etc.) and effectively continue operations.
We also specialize in the field of life continuity planning for individuals and families. Life Continuity Planning also involves personal security and disaster recovery plans. Occurrences like computer viruses, identity theft, tornadoes, floods, terrorism, and auto accidents leave families in a state of disarray while trying to regroup and possibly grieve. We help you to identify risks, assess the impacts, and assemble those to put together a personal plan. We show you how to maintain your personal plans to cover life’s unexpected issues.
We offer the following services:
Business Impact Analysis (BIA)
Security Assessments
Disaster Recovery (DR) Planning
Business Continuity (BC) Planning
Life Continuity Planning
Ongoing Support
|
Typical Client Results
Each engagement is different because each business is unique. Below is a list of typical benefits that clients realize during our project work
|
What we do
| How you benefit / What you get
|
Business Impact Analysis (BIA)
Definitions: RCO = Recovery Capacity Objective How much of it is recovered RTO = Recovery Time Objective How soon is it recovered RPO = Recovery Point Objective How old can it be when it’s recovered
|
- Uncover possible hidden threats or risks
- Reference to frameworks (NFPA, CobIT, ITIL, ITGC, etc.) for standardization
- Understanding of business critical processes, operations, and applications
- Identify inherent risks from neighbors, environment, or system processes
- Ability to link failures to financial and non-financial impact costs
- Clarify and justify RCOs, RTOs, and RPOs
-
Prioritize risk mitigation based on quantitative data
-
Management review meeting to discuss and edit findings Report listing reviewed findings, remediation actions, and potential next steps
|
Use of Qualys’ QualysGuard scanning appliance
|
-
Continuation of the BIA process
-
QualysGuard mapping and vulnerability management external report identifies all computer resources across all platforms (Windows, Linux, Unix, etc.)
-
QualysGuard used for audit and compliance (SOX, HIPAA, PCI, internal policy, etc.) verification that can be presented to partners and auditors
- Report on exposure evaluation, potential risks, and threats (building, access, utilities, environment, location, etc.) with an eye on secureness and recoverability
|
Disaster Recovery (DR) Planning
|
-
Continuation of the BIA process
-
Understanding of why having a data backup is not disaster recovery
-
Develop response procedures (identification, declaration, escalation, notification, communication, etc.)
-
Develop team procedures (IT, Finance, etc.) to handle unique interruptions (PC crash, fire, etc.)
-
Develop restoration procedures (personnel, IT, facilities, telecom, clients/vendors/suppliers, equipment, etc.)
-
Correlate procedures to RCOs, RTOs, and RPOs to ensure business drivers are realized, adjust any as needed
-
Testing of all plans and procedures to verify they are complete and workable when time is critical and resources may be short
-
Training of staff on the plan and their roles in the recovery
|
Business Continuity (BC) Planning
|
-
Continuation of the DR process
-
Recovery efforts may take months with operations resuming at different facilities or on different equipment
-
Develop operational continuance procedures (Payroll, Invoicing, etc.) without access to the core systems
-
Develop alternative staffing plans for possible shift changes or remote work
-
Develop supplier plans and alternative supply channels to ship and receive resource materials
-
Identify protection mechanisms for critical forms, papers, and supplies that are irreplaceable or require long lead times
-
Review insurance policies to ensure adequate coverage protection limits
-
Exercise plans to verify workability
-
Train staff on alternative work processes
|
Working with the employee at his or her residence
|
-
Unique no- or low-cost business benefit
-
Lunchtime introductory training session available for employees
-
Evaluate exposures to potential risks and threats (building, access, utilities, environment, location, etc.) with an eye on secureness and recoverability
-
Assistance to create a supply kit tailored to the family
-
Develop the core plans (evacuation, communication, meeting, etc.)
-
Education on information security concerns (PC crash, PC hacking, ID theft, etc.) and ways to avoid common events
-
Review insurance policies to ensure adequate coverage protection limits
-
Coordination of plans with work, schools, neighbors, and religious institution
|
Ongoing Support
Provided through a maintenance plan or on a Time, Material, Expense basis
|
-
Plans must remain current to be effective and useable
-
Quarterly, biannual, or annual reviews available
-
Can provide executive statements or reviews as needed to meet upstream requirements or audits
-
Non-major adjustments to current plans
-
Priority support and guidance during a recovery event, up to and including on-site staff
|
Professional Network Relationship Will work with your chosen provider (IT, insurance, etc.) or will recommend a trusted professional or firm that fits your needs
|
|