Assessments and Audits

We were engaged to develop and support an IT disaster recovery tabletop exercise to further improve their organizational resilience. Management entrusted us during the design phase to let this evolve into a 7-hour functional exercise with 130+ participants. In reviewing the after action report with senior IT leadership, the client said it was their best-ever designed and run exercise!

Re-engaged in 2024 to perform IT disaster recovery program health checks for both the Hospital and University. Management is using the findings to support their goal of improving organizational resilience. Subsequently, conducted an assessment of business recovery objectives and trained staff to perform their own assessments.

Sought out by client to design and facilitate two crisis management team tabletop exercises for one division of the bank, and leverage the After-Action Report to make business continuity management program improvements. The goal was to raise participant’s awareness of a cyber incident, identify existing dependencies and capacity constraints, current capabilities and improvement opportunities to strengthen the bank’s preparedness against a ransomware attack.

Performed internal audit review of client’s business continuity management system in accordance with ISO 22301:2019. Created a detailed action plan to address findings identified during the assessment ahead of external audit.

Client sought our help to understand the impacts to store operations when systems and applications are unavailable. We leveraged the information from a focused business impact analysis to create multiple Information System Contingency Plans aligned with NIST Special Publication 800-34 Rev., Contingency Planning Guide for Federal Information Systems, and ISO 22301 Security and resilience – Business continuity management systems – Requirements.

Guided management in the implementation of an emergency response & crisis management program where little existed previously. Trained senior management and staff in the practical use of plans and procedures, so they now know who will do what and when at time of incident and now feel competent to manage an event. After 7 years, we were re-engaged to evaluate client’s business continuity management program based on a review of core documentation to identify any egregious gaps and make recommendations for closing them.

Client requested assistance with a phased approach for implementing a world-class business continuity management program to ensure continuity of operations, minimize disruption to patients and customers, while operating as a safe and compliant company. In leveraging our proven development and documentation methods, we laid the foundation of the program. Governance, crisis management, crisis communications and business continuity are now all in place. Their training manager is leveraging scenarios we created to build out their exercise e-learning platform. Client said they could not have stood up their program without our guidance and support.

This client indicated RCC exemplified the following qualities: Expert | High Integrity

Engaged to develop and facilitate the annual Crisis Management Team exercise in 2019. Initial response was practiced out of the alternate site, and then transferred to headquarters for ongoing recovery and support. Goals included validating and using new plan documentation, use of online tools/forms, accounting for people, and practicing information sharing among and between teams. Client advised facilitation was excellent and the scenario was extremely interesting.

Subsequently re-engaged to restructure the client’s business continuity program governance,  reframe crisis management protocols and plan, and facilitate a series of tabletop exercises.

Management paused the ongoing development of its business continuity management program when COVID-19 struck early in 2020. By late 2021 when we were engaged, we had the opportunity to apply lessons learned with input from senior leadership to improve existing program documentation.

The program has also been expanded globally to include the client’s manufacturing, distribution, office operations, and management of vendor risk. The engagement culminated in a successful crisis management team tabletop exercise. Client is now leveraging the work performed to refresh specific program components.

Following a successful engagement assisting the client with revisions to its site response procedures as well as the development of standardized scenario training, we were retained to perform a comprehensive overhaul of our client’s incident and global crisis management program.

The client then entrusted us with an opportunity to develop a solution for entirely new types of issues that go beyond those covered by a typical crisis management program. These value-impacting issues necessitate a consistent corporate response process that requires carefully orchestrated management and communications across the business and with stakeholders.

Most recently we were engaged to conduct an independent analysis of their response to a globally impacting event and deliver an after-action report. Findings are being carefully reviewed to improve future response efforts and strengthen their overall program.

This client indicated RCC exemplified the following qualities: Great Results | Expert | High Integrity | Personable | On Time | On Budget | Trusted Partner

Raymond-Cox Consulting was honored to be engaged by The American Institute of Architects to help architectural firms to prepare, respond to and recover from disruptions with a basic business continuity plan. Drawing upon our own knowledge and business practices, we provided subject matter expertise to assist with the creation of AIA’s Architect’s Guide to Business Continuity to suit the unique functions of small to medium-sized architecture firms (roughly 1-19 employees). In June 2021, AIA published the Guide and has received positive feedback from its community.

This client indicated RCC exemplified the following qualities: Great Results | Expert | High Integrity | Personable | On Time | Trusted Partner

Client requested an evaluation of its business resiliency program capabilities against the ISO 22301 business continuity management system standard. Client was thrilled with our services and is leveraging our assessment and roadmap to help them on their journey towards ISO certification.

This client indicated RCC exemplified the following qualities: Expert | Personable | Trusted Partner

As our client continues to grow, they were seeking a partner to provide business continuity planning services to ensure continuity of critical business operations. Their aim is to establish an ongoing process that identifies risks and maintains viable continuity and recovery strategies and plans. In close collaboration with our client, we are achieving these goals as we build a business continuity management program from the ground up.

Client sought the assistance of an outside party to review and evaluate their existing business continuity management program against ISO 22301 within a short period of time. Our primary research was done by evaluating documents related to the program as well as conducting interviews with members of staff directly involved with its ongoing development and maintenance or that interact with the program. We created a report with our key observations and recommendations as well as assessment of the business continuity management program against ISO 22301. Further, we developed a roadmap and the client is using that to guide improvements.

This client indicated RCC exemplified the following qualities: Great Results | Expert | High Integrity Personable | On Time | On Budget | Trusted Partner

Transformed the client’s Y2K plan into an ongoing business continuity plan to reflect changes in its business operations since the original plan was developed. Wrote test scripts and supporting documents. Tabletop exercises helped management to determine the effectiveness of the crisis management team to respond to a realistic incident threatening the operational continuity of head office functions and other business units in Asia and adjust plans accordingly.

This company had no business recovery system in place. Conducted threat and risk assessments for multiple locations. Performed a business impact analysis for US and foreign operations. Facilitated recovery strategy and business continuity plan development as well as crisis management plans. Following a series of exercises we developed, the crisis management team was able to successfully manage their operations impacted by the 2010 Chile earthquake. In addition, created a recovery plan for use at one distribution center which then served as a template to be customized by each of the many national and international distribution centers.

Almost 5 years managing our client’s global business continuity management program under an outsourced service agreement, prior to their recruitment of a full-time program manager. Scope included all aspects of program governance, crisis management and business recovery, with oversight of the disaster recovery, and emergency response programs. The engagement included the development of policies and procedures, position statements, operational plans, online training, facilitation of a multi-year crisis management and business continuity exercise schedule in the Americas, Europe, and Asia, implementation and administration of business continuity and emergency response-related systems, presentations to Steering, Governance, and Audit Committees. Achieved ISO 22301 business continuity certification for client’s Brazil operations as part of an integrated management system.

This client indicated RCC exemplified the following qualities: Great Results | Expert | High Integrity

Engaged to build the client’s business continuity management program from the ground up, the scope of the engagement includes all aspects of program governance, risk assessment, incident management, and business continuity, with a formal review of existing IT disaster recovery, and emergency response programs. The governance document provides the framework for the program, and has been adopted by the newly formed Steering Committee. An Incident Management Team (IMT) has been established based on the Incident Command System (ICS) structure. We conducted training on the Incident Management Plan and facilitated an orientation exercise immediately after to cement their learnings. Following a business impact analysis, each department has a Business Continuity Plan (BCP) in place. A joint incident management and business continuity exercise exposed department team leaders to using their BCPs for the first time, and enabled the IMT to continue developing skills. We have also guided the client through an operational Risk Assessment so management has a clearer sense of key risks and possible preventative and mitigation measures.

At Board request, led the business impact analysis and presented results to executive management for review and approval.

Executive management wanted to know if the Information Technology (IT) department is currently capable of restoring the underlying technology (infrastructure, systems, applications and data) within a timeline acceptable to the business. We conducted a business impact analysis to ascertain the specific needs of business units. We then assessed the current capabilities of IT. Utilizing data gleaned both from the business and IT, we compiled a list of gaps and presented same to management. Our findings now form the basis of the work IT is undertaking to minimize or close those gaps.

Re-engaged by client to assist in projects to support global COVID-19 pandemic response as well as day-to-day work in maintaining the global business continuity management program. Retained to help guide client on the new requirements of ISO 22301:2019 in preparation for a recertification audit.

IT senior leadership wanted help in understanding the technology needs of key departments in order to identify gaps in their capability to support the business. Through this engagement we performed a business impact analysis and worked with IT infrastructure, systems and applications teams to get a holistic view of the IT departments capabilities today. We compared the data gathered to produce a gap matrix which was presented to executive leadership.

Client was seeking assistance with the development of a standardized, comprehensive COVID-19 plan in coordination with regulatory and clinical guidance to reopen safely. The health, safety and well-being of everyone (staff, participants, family members/caregivers, visitors and vendors) was the primary goal while attempting to avoid a resurgence of COVID-19 once open. We designed a Reopening Plan for customization by each site to help staff in preparing for the reopening of their center, taking into account the services to be offered, in a phased approach.

Initially engaged to develop and facilitate two tabletop exercises, client requested we expand the scope of work to include training the crisis management team members beforehand, to familiarize everyone with their roles, responsibilities and processes of the business continuity program. Additionally, we are providing ongoing guidance and support on COVID-19 response activities on a consultation basis, including delivery of staff training on related topics such as office policies, procedures and protocols, personal preparedness, quarantine, isolation.

Developing the business continuity management program from the ground up for one of our client’s US sites, to adhere to client’s global standards, and align with the requirements of ISO 22301. This engagement includes all aspects of the program from business impact analysis, to business continuity plans, risk assessments, training and exercises, where none currently exists. The global head of business continuity for the company was onsite to observe a one-day tabletop exercise assessment. That with the corresponding after-action report, yielded one of the highest scores ever awarded. An additional engagement led us to facilitate a successful pandemic tabletop exercise in March of 2020. On-going training and tabletop exercises are currently in development for the same site, and another site.

Client sought our help to implement emergency response plans for all its locations, and a process for incident management. We delivered on our goal of ensuring all emergency response plans adhere to industry good practices, and regulatory requirements. The plans now link and align all programs and offices, thereby ensuring consistency and standardization across the program and sites. Further, we revamped the incident management team composition, and developed and provided training on the Incident Management Plan to assist leadership when responding to incidents.

Designed, prepared for, and facilitated the annual Incident Management Team tabletop exercise. The goal was to help management ensure there is a viable incident management capability in place in response to an event, large or small. Client was very satisfied with the outcome and takeaways.

As part of a series of business continuity-related lunch and learns, we kicked off the first topic on emergency response planning. We provided a brief overview of a business continuity management system, followed by a discussion of emergency response program trends and best practices, and presented suggestions for improving their program, based on our analysis of sites worldwide. Client is utilizing our recommendations to develop the framework for a globally consistent program.

The primary goal of this engagement was to evaluate one global division to determine, on the basis of objective analysis, if the business continuity program has any material gaps or flaws, or other opportunities for improvement not directly linked to a gap per se. This resulted in a compilation of recommended steps the division should take to address any concerns identified in the evaluation (i.e. a “Roadmap to Maturity”). Additionally, we developed a summary report that presents a detailed analysis of where the program stands regarding its compliance with ISO 22301 requirements, to provide top management with a broad perspective of the program in relationship to the most widely adopted business continuity standard.

Worked with client to identify the most significant threats to their processes, and to identify recovery capabilities, requirements, and gaps for each function based on a Threat Assessment analysis. Additionally, guided client on the creation of a new controlled business continuity plan template.

Performed a gap analysis against the recognized standard: ISO 22301:2012 – Societal security – Business continuity management systems – Requirements so client could better understand the additional steps they needed to take to align with, or achieve, business continuity certification.

Client embarked on the development of a business continuity management program, and sought our help with the initial focus on (1) the development of life safety procedures to help protect company employees and the facility in which the company operates from incident-related threats; and (2) the execution of a Business Impact Analysis, to ultimately drive a response and recovery effort following an incident.

Following recent active shooter training, client was concerned their Emergency Response Program did not reflect current response recommendations. We updated existing documentation to align with the Department of Homeland Security’s latest active shooter, and workplace violence guidelines.

With the long term goal of having a “best in class” global Business Continuity Management program, our client engaged us to assess their program against ISO 22301, and to deliver a roadmap that would seek to close gaps. Subsequently engaged to develop the corporate program governance document, we have since undertaken a series of engagements ranging from development of emergency response plans, to facilitating an incident debrief, to development of client’s European division’s Business Continuity Management System, which resulted in a successful audit by client’s customer.

Our work for this client spans multiple years, and many discreet engagements. Examples include, development and facilitation of multiple Crisis Management Team exercises, to ensure corporate and/or regional team members are trained; we act as emergency notification system Administrators, regularly conducting training and exercises for client’s own internal Administrators, on an ever expanding toolkit of training and testing materials developed by us; we planned and coordinated a strong marketing campaign for a week-long series of events, at two key locations to better prepare staff in the event of a disaster.

More and more customers had been seeking evidence of our client’s Business Continuity Program. We were engaged to develop the program from the ground up. We facilitated a series of workshops to formulate the program’s governance document, establish the Incident Management Team and Plan, ascertain risks, perform a business impact analysis, determine recovery strategies, and create business continuity plans. We trained and exercised both the Incident Management Team members and department Business Continuity Team Leaders separately, then jointly, and created formal After Action Reports following each exercise. A position statement was also created to articulate the scope of the program to our client’s customers.

This client wanted to establish the baseline for their Business Continuity Management program. We facilitated a working session with senior management, which led to the development and acceptance of their Program Governance document.

Following several events in the district, the Principal recognized that his own school had no cohesive team or plan in place to respond to an incident at the school. We facilitated a workshop with the management team to educate them on the Incident Command System structure, identified the Incident Management Team members, and created their Incident Management Plan.

Concerned about the welfare of its staff, our client sought our assistance in implementing its Emergency Response Program for its North America operations. We developed the overarching policy and guidance documentation for the program, along with employee emergency cards, procedures for floor wardens, and detailed Site Emergency Response Plans for management at each site. We delivered a range of training classes to enable staff nationwide to handle incidents, so they now understand their roles and responsibilities, incident reporting structure, basic emergency procedures, as well as processes and protocols. The courses included both didactic and experiential learning opportunities. We are proud that the deliverables we created have been vetted and validated by our client’s insurers.

This client indicated RCC exemplified the following qualities: Great Results | Personable | High Integrity

Client had completed some initial steps towards achieving the goal of developing an effective business continuity program, but recognized that more work was required and that internal resources available to accomplish that work were limited. We executed a series of discrete tasks that collectively resulted in an evaluation of existing business continuity capabilities. We developed an incident management model and crisis communication plan along with a roadmap that the client is leveraging for their future business continuity program development.

This client indicated RCC exemplified the following qualities: Great Results | Expert | High Integrity

The goals of our engagement were two-fold: (1) to conduct a high-level Risk Assessment; and (2) to perform a high-level Business Impact Analysis.

Through our work, we identified and prioritized the various threats to our client’s business, and sought to understand existing prevention and mitigation measures. We also focused on capturing departmental-specific information related to the execution of their stated recovery strategy. Client is implementing our recommendations for improving preventative and mitigation measures, and refining its business recovery strategy, and plans that will be relied on at time of event.

The goals of our engagement were two-fold: (1) to conduct a high-level Risk Assessment; and (2) to perform a high-level Business Impact Analysis.

Through our work, we identified and prioritized the various threats to our client’s business, and sought to understand existing prevention and mitigation measures. We also focused on capturing departmental-specific information related to the execution of their stated recovery strategy. Client is implementing our recommendations for improving preventative and mitigation measures, and refining its business recovery strategy, and plans that will be relied on at time of event.

Created business continuity management exercise maturity program starting with a simple approach and gradually increasing the complexity of the exercise type. Orchestrated multiple full-scale operational exercises to demonstrate the effectiveness of global crisis management, IT disaster recovery and business continuity plans in the Asia-Pacific region. Developed a series of tabletop exercises for North American locations in order to expose errors or omissions in existing plans. These combined efforts have resulted in improved resiliency measures for the organization and are being used as a model for the next four years.

Provided subject matter expertise in the development of a series of tabletop exercises that management thought was innovative and participants were engaged in. The scenario highlighted gaps in planning which is leading management to build more robust departmental business continuity plans.

Created the governance framework for the client’s emergency response program (organizational structure, enabling policies, roles and responsibilities). Also developed emergency supplies and mass care guidelines. Client is utilizing these as the basis for securing appropriate supplies as an emergency preparedness measure and will apply these in the event of an incident.

As part of an ongoing engagement, developed and facilitated ever increasingly sophisticated tabletop exercises for senior management annually. These have been witnessed and approved by external regulators. Re-engaged to review and update the crisis management team plan and all business continuity plans to ensure consistency across program documentation.

Developed an IT disaster recovery strategic roadmap. Our work included ascertaining the client’s current state of disaster recovery was inadequate. We put forward our recommendations and observations, and proposed a timeline for implementation. Our roadmap has been adopted by management and is being put into effect to achieve an effective functional disaster recovery function.

Initially trained the client’s Project Manager to conduct a business impact analysis. Subsequent projects included creating the headquarter’s crisis management plan, business continuity plans for the administrative departments and legal practice groups as well as designing and facilitating a successful tabletop exercise. Also performed a cost/benefit analysis to determine the selection of a mobile workspace recovery unit provider. Re-engaged to develop local plans for offices nationwide to ensure a consistent response to incidents. Built skills in-house to make client more self sufficient.

This client indicated RCC exemplified the following qualities: Great Results | Personable | Expert

Narrated the voiceover for an online class on business continuity plan development which allows the parent company to roll-out training to their many businesses worldwide without external intervention. Additionally, conducted a business impact analysis for the company’s chain of specialty stores which provided the basis for refreshing their business continuity plans.

Created a management guide in the event of a pandemic for the company’s headquarters as well as location-specific plans for its residential programs and outpatient clinics.

Performed a risk assessment. Benchmarked existing emergency response and crisis management capabilities against industry standards. The client now has a roadmap that we developed for achieving a best-in-class crisis management program.

Created a practical pandemic plan for operations at a high-profile national park location. As a result, subsequently re-hired to develop evacuation plans for operations at another park.

This client indicated RCC exemplified the following qualities: Great Results | Personable | Expert

Designed and developed a global pandemic program for a $16.5 billion corporation that involved headquarters, regional and local pandemic plans. Developed an eLearning pandemic training program for use in their many locations worldwide.

Over several years, conducted business impact analyses, determined workspace recovery strategies, and developed departmental business continuity plans. Trained staff. Facilitated multiple tabletop, component tests and full-scale operational exercises annually. Client now has a best in class program and fully functioning crisis management team in place that uses the plans we designed.

Developed a successful tabletop exercise for one of the client’s manufacturing facilities. This enabled management to better understand where improvements are needed to their business continuity management program.

Performed a business impact analysis, identified missing information necessary to permit recovery at time of incident and enhanced existing business continuity plans for the office of the President.

Led a brainstorming workshop with senior management to identify key risks, understand business processes and determine possible recovery strategies for the development of the firm’s business continuity program. Trained management and provided guidance on how to execute department business continuity plans. The crisis management team has twice had to activate and follow the protocols we developed.

This client indicated RCC exemplified the following qualities: Great Results | Personable | Expert

Engaged by former employer to develop and deliver a comprehensive business continuity management training program to its Asia-based staff, providing staff with the skills and tools necessary to deliver business continuity management-related consulting services. Received highest ratings from students’ course evaluation.

Performed facility risk assessments for both the physical and e-commerce distribution centers nationwide for this $25 billion department store chain to highlight to management potential risks that could impact the business. Conducted business impact analyses and subsequently developed business continuity plans in order that the company can maintain operations at time of incident. This pilot project led the client to expand the engagement to include similar work for several other divisions including its merchandising group’s headquarters in Hong Kong.

This client indicated RCC exemplified the following qualities: Great Results | Personable | Expert

Conducted a business impact analysis for a $1.9 billion corporation. Developed a roadmap for the consolidation of business continuity plans by internal resources.

Reviewed existing emergency preparedness, response and recovery program for SEMS/NIMS Emergency Operations Plan compliance and compared with the Disaster Recovery Institute International’s (DRII) professional practices and the Business Continuity Institute’s good practice guidelines so college could better understand gaps in planning processes and take remedial action.

Analyzed whether existing distribution centers had the capacity in a rapidly growing online business to effectively cope with an incident at its e-fulfillment center. Recommended recovery strategy solution. Developed a business continuity plan. Separately, developed a model for reporting property losses at stores which was rolled out nationwide to solve a major business problem.

This client indicated RCC exemplified the following qualities: Great Results | Personable | Expert

Initially this client had little in place to manage an incident. Performed a facility risk assessment for the company’s headquarters and distribution center. Conducted a business impact analysis for headquarters’ operations. Devised a workspace recovery strategy Developed business continuity plans. Conducted multiple tabletop exercises. This has resulted in management now having procedures in place in case of an incident.

Performed a business impact analysis and developed business continuity plans for one of the largest grant-giving institutions in the US. Management has a better understanding of the risks to the Foundation and procedures to follow.

Developed crisis management and business continuity program for this baseball team Facilitated a simulated tabletop exercise with senior management which highlighted gaps in skills and procedures, which were subsequently corrected.

Performed a pandemic risk assessment, which involved conducting a series of interviews with management in order to understand their business and critical functions, helping them to comprehend the nature of the threat, its potential impact upon the company and so that they could develop an appropriate response plan in the event of a pandemic outbreak.

This client indicated RCC exemplified the following qualities: Personable | On Time | High Integrity

Facilitated a pandemic tabletop exercise. Ensured that test exercise objectives were met and delivered a post-action report. They were thus enabled to take the necessary steps to correct existing errors.

This company provides mid-range and high-end storage systems, software services. Implemented the crisis management program for the company’s US-based operations and developed a crisis management handbook as well as corporate, regional and local office crisis management plans where none previously existed.

Assessed a major healthcare company’s IT disaster recovery plan, determining its completeness, logistics and the results of its most recent test. The feedback helped management to implement a more robust plan.

Worked with the Hong Kong branch of a major UK-based bank during the 2003 Asia SARS outbreak to ensure their continued business operations. Changed and adapted the way continuity plans were developed to ensure this client is able to manage and maintain their business operations during a pandemic. (This approach is portable to other clients.)

Implemented a business continuity management program for the Hong Kong/Asia branch of this $35 billion French bank. The success of this project led to a second engagement to conduct exercises at various business locations worldwide to validate plans in each.

Engaged to provide support to teams in London and New York that involved validation and additional analysis of the current state of the Bank’s continuity arrangements in Hong Kong and the plans to update it. The review focused on comparing their business continuity management capabilities with industry best practices and suggesting areas for improvement. The bank was so pleased with the results that it requested similar reviews of its European, African, and South American operations.

Completed a business continuity plan for the seaport operator. Trained more than 80 members of the senior management team to remind them of crisis management infrastructure, plans, and initiatives. Conducted multiple functional and tabletop exercises. This led them efficiently and effectively to manage a mid-stream operators’ dispute shortly thereafter.

Created and managed the business continuity management program for one of Hong Kong’s largest retailers (supermarkets, health & beauty stores, and 24-hour convenience store franchise). Sought after by management to provide guidance to Taiwan operations in aftermath of devastating 1999 local earthquake.