The Group sought to review its Incident Management Program to ensure that it was suitable and to remedy identified security deficiencies. With several organisational changes and recent incidents, modifications were needed. Industry Risk security consultants reviewed internal program documentation, engaged with Divisional CEOs across the Group and examined internal cultural norms for responding to incidents.
Over an extended period to minimise the impact of rapid change, strategic security policies, risk frameworks and business continuity plans were developed and implemented, and security workshops and exercises were delivered to ensure that key stakeholders were intimately familiar with and practised in the revised approaches. Aide-memoires were also developed for personal carriage and use.
This process was critical in view of the close attention being paid by industry regulators.