Case Study

We help with the how so you can focus on the why.

a lock icon in front of a computer, showing security
Text reading "The Backup Plan: An organization takes steps to improve its risk position in the modern world." on an orange background.

AT A GLANCE

CHALLENGES

  • Increase in global cyber incidents & new technology - lack of internal expertise to manage these risks.

  • Lack of business continuity planning.

  • Vulnerable to privacy and security incidents.

OUTCOMES

  • Fulsome and tailored privacy program, based on industry best practices.

  • Development of a risk management framework.

  • Creation of a business continuity plan and crisis management team.

OBJECTIVES

In 2018, a national, not-for-profit member organization began work on a comprehensive strategy to modernize the organization’s day-to-day operations. A primary focus for this strategy was to improve the organization’s privacy and security risk management position. These areas had not previously been a major concern, due to the size and nature of the organization; however with the technological shifts the world was seeing and an increase in global cyber attacks and other incidents, the organization’s leadership recognized that it was time.

SOLUTION

Having little in-house expertise in these areas, a privacy needs assessment was undertaken. Following the assessment, a plan was developed to address the gaps identified, including policy and process changes, internal capacity building and staff training. The resulting work also led to the development of a cybersecurity program and the establishment of a business continuity plan and crisis management team. Very quickly, the organization began to shift, both in its preparedness for emergencies and in staff’s awareness of their roles and responsibilities in protecting the organization and its community.

RESULTS

1. Development of a privacy program: Internal privacy expertise was developed and led to the creation of a fulsome privacy program for the organization within one year of the assessment. Policy and process changes were implemented over time and continued to evolve with changes to legislation and to the organization’s activities. A culture of privacy was established, as staff became aware of their obligations.

2. Creation of a privacy and security risk management framework: To help leadership assess and manage its risks, and to help prioritize the work of the team, a privacy and security risk management framework was created. It was reviewed quarterly with progress reported to senior management and the Board of Directors.

3. A business continuity plan and crisis management team: A business continuity plan was developed in early 2020 (just prior to the COVID-19 pandemic). A new crisis management team was established, as was a practice of regularly testing the plan. This work helped guide the organization’s response throughout the pandemic and helped it prepare for future incidents.

“Heather’s leadership was essential in achieving our privacy, security and business continuity needs. She helped our leadership team understand the importance of the work, built wide-buy-in and got it done.”

Paul Davidson, President & CEO