
Business Impact Analysis

How KJT Group Used a Business Impact Analysis to Develop a DR Strategy and Meet New Compliance Regulations

Summary

KJT Group is an evidence-based consulting firm focused specifically on healthcare. Their client base includes pharmaceutical, biotech, and medical device manufacturers, as well as health insurers. As a result, they collect and process health-related data and adhere to information security standards set by the International Organization for Standardization (ISO).

As the threat landscape evolves and compliance standards change, KJT Group made the decision to invest resources into their security posture to ensure compliance, develop a disaster recovery strategy, and improve overall functionality. They enlisted ProArch’s help in completing a Business Impact Analysis (BIA) to assess the organization.

Situation

Due to the nature of their work in healthcare, KJT Group decided to implement security standards as defined by ISO. The ISO framework was recently amended to include a new standard: ISO 27001, which required a BIA to reach compliance.

KJT Group also wanted insight into their disaster recovery process and any technical risks associated with their current state. They already had plans to migrate all workloads to the cloud to improve security, so they took this as an opportunity to assess any potential gaps in their cloud-readiness. This meant they would need an analysis of any technical requirements that needed resolving before migration.

Solution

KJT Group needed to determine expectations for recovery for each application in scope, the risk to the organization regarding downtime, and their current capability to meet recovery requirements. Without the resources to gather this information in-house, they began the search for IT partners that could guide them and provide recommendations based on their business objectives.

Ultimately, KJT Group partnered with ProArch to perform a Business Impact Analysis. This provided a more holistic view of their infrastructure and how a disaster recovery incident may impact it.

The primary focus areas of the assessment were determined to be:

  • Datacenter architecture
  • Microsoft Active Directory best practices analysis
  • Network Infrastructure
  • Client services
  • IT processes and compliance
  • Network administration

Benefits

As a result of their partnership with ProArch, BestSelf has improved its overall security posture and is ensuring that it maintains compliance with security rules and regulations.

BestSelf has secured benefits such as:

  • Responsive round-the-clock SOC team monitoring, containing, and responding to threats
  • Security program alignment with compliance obligations and preparedness for future audits
  • Insight and feedback for security and compliance initiatives
  • Visibility into threats and faster response times with centralized security information event collection enriched by threat intelligence
  • Direct access to SIEM/SOAR tool for real-time threat metrics
  • Quarterly reporting including remediation priorities and metrics to present to leadership
  • Timely notification of zero-day vulnerabilities
  • Secure transition to a remote workforce during the COVID-19 pandemic

Process

ProArch began collecting data related to key business and technical areas, which ultimately informed the final analysis, deliverables, and recommendations.

Next, ProArch established technical requirements for all applications, systems, networks, and assets. This included strategic planning sessions to document changes required to meet the various business units' Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), which would ensure compliance.

Throughout the Business Impact Analysis, ProArch developed an actionable road map that prioritized and drove recommendations of solutions that supported KJT Group’s goals.

Benefits

KJT Group and ProArch’s partnership was results-driven and ultimately helped them reach key business goals. As a result of the Business Impact Analysis, KJT Group has secured benefits like:

  • Improved cybersecurity posture
  • Established RPO and RTO requirements
  • Met compliance with ISO 27001 requirements
  • Strategy for cloud migration

Testimonials

“The Business Impact Analysis allowed us to bridge the technical gaps between what we had and what we needed.”

Param Singh
Senior Director of Information Technology and Information Security, KJT Group

“We were using Amazon Web Services but there were shortcomings where security was involved. As our needs changed, we knew it was time to take a hard look at our data and processes as a whole.”

Param Singh
Senior Director of Information Technology and Information Security, KJT Group

Reach out to our team to learn more about our Business Impact Analysis.