IR works with major organisations and governments internationally to provide planning and review advice to aid in developing and implementing cost effective security solutions to safeguard personnel, assets, clients and reputations.
Effective strategic security planning provides the foundation for good security management throughout an organisation and is an important part of corporate governance. We have broad experience across a broad range of sectors, locations and business sizes in:
• strategic security plans
• analysis of risks and issues
• identification of key principles and objectives
• frameworks for implementation of security
• budget requirements
• developing supporting policies and procedures.
IR takes a collaborative approach to strategic planning, working closely with clients and identified stakeholders to develop strategic planning products that are tailored to individual business needs.
Risk Assessments and Reviews
A critical component of IR’s success as a leading management services provider globally is our deep understanding of risk management methodology consistent with the international standard for Risk Management – Principles and Guidelines (ISO 31000:2009) and the Security Risk Management Handbook (HB 167:2006). We have developed enterprise-wide and security risk management frameworks for numerous clients and delivered hundreds of risk assessments on projects, facilities, organisations and events. These include energy infrastructure, airports, data centres, corporate head offices, shopping centres, stadia, transport hubs and healthcare facilities.
IR also conducts technical security audits and organisational reviews, often in conjunction with a security risk assessment, to rate the effectiveness of existing controls. Using our CAPGAP™ methodology, we recommend improvements to close the gap between ‘current state’ and an optimal a ‘future state’ to mitigate risks to acceptable levels. We review all policy, physical, technical and personnel security controls.
Our global experience assists clients in the overall management of organisational risk, and facilitates the creation of cost effective and fit-for-purpose treatments.
Our risk products include:
• Enterprise wide Risk Assessments
• Sovereign Risk Assessments
• All Hazards Risk Assessments
• Security Risk Assessments
• Vulnerability Assessments
We regularly complete assessments to comply with standards and guidelines including:
• TIA-942 – Telecommunications Infrastructure Standard for Data Centers
• Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines (TRMG) 2013
• Australian Government Protective Security Policy Framework (PSFP)
Crisis Management Planning
The preparation and delivery of Crisis Management Plans and exercises is a key component of our menu of services. We have industry leading skills and experience in crisis management projects in the consumer goods, critical infrastructure, energy and mining sectors.
We are a leading provider of Crisis Prevention and Response services globally. We support multinational clients on a 24/7 basis, with services including Kidnap Ransom and Extortion (KRE) response; evacuation planning and operations; contaminated product and malicious product tamper (MPT) response: and expert support in a range of other crisis situations.
In partnership with a leading insurer, we offer a worldwide membership-based medical and security travel assistance service. This provides global support to members through a guaranteed 24/7/365 response to medical or security emergencies.
IR is also the exclusive Asia and Pacific regional partner for the global crisis response company, red24 plc, which is contracted by a score of international underwriters including HDI-Global, Allianz and Liberty International.
We support clients in public and private sectors in developing business resilience regimes. Our expertise covers the spectrum of business resilience planning support:
• Business continuity plans
• Business impact analyses
• Development and delivery of training and exercising programs
As the concept of business resilience has matured, IR has been able to assist clients across the whole continuum from planning, exercising, initial incident response, crisis and emergency management, to business recovery. This evolution includes helping clients to move to a more ambitious, proactive level of readiness so that objectives extend beyond ‘tactical’ management of interruptions, to the promotion of systemic prevention and capacity building.
Consistent with international best practice, we promote a model which enhances risk resilience and maintains business sustainability in adverse conditions. IR’s methodology is compliant with the international standard Societal Security – Business Continuity Management Systems – Requirements (ISO 22301) and the Business Continuity Management Handbook (HB221). We also have extensive experience in the application of emergency management standards such as AS3745 and ISO 22320.
IR’s expertise and services include the provision of operational support for clients, usually through an end-to-end security management solution in planning and operational delivery and post-event client debriefings to identify lessons learned and drive a process of continual improvement.
We routinely embed senior IR practitioners in client workforces for company AGMs, conferences and major events, where our personnel are integrated into the client’s management team to perform key roles. For example, a senior IR officer was contracted as a manager in the Games Security Command Centre at the London 2012 Olympics.
We also embed senior personnel to implement a review or manage a new program, or to provide direct support in response to a security issue or crisis. For example, a senior IR representative managed the security functional area in an international bank for over 12 months following a major restructuring; and a major Australian energy company contracted IR to provide a senior executive as the temporary head of its security and safety branch, for several months, after an organisational review.
In the event of any major security related crisis, it is relatively common for IR corporate clients to request we deploy a subject matter expert to provide ongoing advice to the Crisis Management Team (CMT).
We have successfully conducted numerous complex and often cross-jurisdictional investigations, including matters involving workplace malfeasance employee fraud, financial investigations, and other sensitive corporate matters including unauthorised information leaks. IR’s extraordinary investigative successes are due to the subject matter experts within the core IR team and the global network of specialist personnel we are able to task on a case-by-case basis.
IR’s investigative capabilities are frequently deployed in support of due diligence assignments, and can be utilised to complement other IR analytical services. Our specialist investigators are licensed and investigations are routinely performed to the appropriate evidentiary standard.
We complete background checking and due diligence inquiries on individuals and companies with the emphasis on confirming truthfulness and integrity, and discovering risk indicators; such as links to criminal activity, commercial litigation record, financial viability and reputational concerns. We assist clients make an informed judgements before committing, to key investment decisions; such as a joint venture, a new partnership or the recruitment of a key senior executive.
Inquiries commence with basic database checks in the appropriate languages and routinely involve more in-depth, active investigative options and interviews. We have an extensive network of contacts and deploy personnel to conduct on-the-ground inquiries throughout the world. IR’s specialist capability allows us to combine access to relevant databases, official records, linguistic support and very senior in-country contacts, with sophisticated analysis to deliver high quality due diligence advice and recommendations to our clients.
IR provides specialised reporting based on client needs and we are always cognisant of the relevant legislative and regulatory requirements, including the following:
• Foreign Corrupt Practices Act 1977 (USA)
• Bribery Act 2010 (UK)
• Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Australia)
• Corporate Governance Principles 2014 (Australian Stock Exchange)