Business Security Services

CONOPS LLP

www.conopsgroup.com

2015

2 – Service Overview

3 – The Threat 4 – Security Review 5 – Policy & Process Audit 6 – Penetration Testing 7 – Crisis Simulation 8 – Our Modular Approach 9 – Adding Value 10 – Summary 11 – Contact Us

CONTENTS

OVERVIEW

CONOPS LLP is a UK based multi-services consultancy firm formed as a result of personal experiences within Libya, Afghanistan, Iraq and Corporate FTSE 200 Businesses within Europe.

Over the years we have been engaged by organisations of all sizes and sectors to deliver market leading security services from the boardroom to the oil field. A common theme across all of our projects is the lack of foresight of many companies to prepare for potential security breaches before they happen.

Unfortunately, this is particularly prevalent in the UK where threat of hostile action is considered minimal. Our Business Security Services focus on testing existing processes, whether outsourced or in-house, and provide recommendations for improvement, cost saving and increased performance. Ultimately, our aim is to ensure the correct safety measures are in place for your organisations most valuable assets and personnel.

2

THE THREAT

Many media outlets focus on conflict and terrorist organisations overseas, and seldom consider the issues facing UK businesses on home soil. Recently, there has been an increase in targeted attacks on company infrastructure and personnel within the UK. Some key examples of how are as follows:

- Kidnap of Executive staff - Corporate office break in to facilitate

identity theft and corporate espionage - Acts of terrorism designed to inflict

mass casualties - Theft of valuable material from

manufacturing sites - Vandalism of costly plant and

equipment - Disruption of consumer services due to

removal of cables, wiring and network infrastructure

We need to be aware of the various threats we face, and must have adequate processes in place to

mitigate such varied risks.

3

SECURITY

REVIEW

Our Security Review consists of three main stages and can take anywhere from two days – two weeks depending on the number of locations covered. The aim is to test existing processes and identify weaknesses.

Initial Consultation – Following a brief overview of requirements, one of our Partners will arrange a confidential meeting at a time convenient for you to discuss what you want from the review. We will agree on work to be completed and identify initial timescales.

Testing – Our team will begin engaging with your business locations and record all interactions, findings and recommendations. We will interact with staff in accordance with agreements made at the consultation stage. We can operate both overtly and covertly, for example assessing security outside of working hours. Reporting – Once the fieldwork stage is complete, the lead Partner will debrief the consultants and compile a Findings and Recommendations Report (FRR) which is what will be delivered to you. Included will be a catalogue of events tested over the period of or work and any findings we may have made. We will then work with you to implement changes and improve your overall security.

4

POLICY & PROCESS

AUDIT

Sometimes our clients ask for a more detailed approach to testing and we will conduct a review of security policy in addition to a physical review of processes. Although complimentary to the Security Review, this can be completed separately.

Policy Review – Whilst most companies have a security policy, it is rarely up to date. Threats to business are constantly changing, and our counter measures must evolve accordingly. We will review all related documentation including H&S, IT Security, Access Security, Starters and Leavers processes, Physical Access and Evacuation policies.

Understanding – We will begin by speaking to key individuals within your organisation to understand what the overall risk appetite, perceived threats and critical business processes are. We will not adopt a formulaic approach and appreciate that every client is different.

Policy Implementation – We will engage with employees, at your discretion, and analyse the level of implementation and understanding of policy. This will include assessment of any reviews conducted and delivery of our findings in a Findings and Recommendations Report (FRR). Where issues have been highlighted, we will work with you to bring documentation up to

date and implement new processes from scratch.

5

PENETRATION

TESTING

6

Penetration Testing is not relevant to all businesses and is a step up in detail from our Security Review. Our highly trained operatives will assess and monitor security provision at a location before attempting to gain access, all in a highly controlled and recorded environment.

We recommend Penetration Testing to businesses who operate secure sites, typically with a visible security presence such as manned guards or CCTV, and those who may find themselves targeted by criminal organisations. Examples may include:

- Distribution and Logistics with warehousing

- Banks and Financial institutions

- Car Showrooms and Dealerships

- Power Distribution Networks

- Airports and Public Transportation Hubs

- Telecommunications Providers

All Penetration Testing is completed within a given timeframe to avoid impact on business operations and regardless of outcome, a report is provided summarising key events and observations from the fieldwork team.

CRISIS

SIMULAITON

Simulating, or ‘war gaming’ a crisis in collaboration with senior management in your business is sometimes the most effective way to identify real and potential issues.

Combining our military command and planning experience with understanding of corporate business processes and audit procedures, we can facilitate and manage a controlled scenario designed to test existing frameworks.

Through liaising with internal departments, local government agencies, emergency services and utilising trained operatives and actors we can role play a wide range of crises including:

- Significant Security Incident

- Fire & Natural Disaster

- Reputational & Intellectual Damage

- Cyber Attack & Digital Infiltration

7

Due to the potential complexity of this service, significant collaboration may be required from your organisation for larger projects.

OUR MODULAR

APPROACH

We don’t believe that one size fits all. Each

company has different requirements and so we

tailor our services appropriately. Our Modular

Approach affords you maximum flexibility

depending on what you need. We are always on

hand to make recommendations should you

require guidance.

8

Security

Review

Crisis

Simulation

Pen.

Testing

Policy

Audit

High

Risk

Medium

Risk

Low

Risk

ADDING VALUE

9

By engaging us to deliver security audit work, not only are you achieving assurance over asset and personnel safety. We have helped organisations achieve various levels of accreditation, compliance and standards relevant to their industry.

We pride ourselves on client relationships and no project is too much. With a global network of specialists, we can draw upon expertise from across the world to bring value to your company.

All of our bespoke packages are designed to achieve:

- Increased Security

- Critical Asset Assurance

- Personnel Safety

- Improved Performance

- Avoidance of costly Insurance Claims

- Continued Operations

- Incident Readiness

Even companies based purely in the UK are at risk of security breaches. An increase in home grown extremist networks, access to information and limitations of the police mean it is important now, more than ever, to protect your most valuable assets.

SUMMARY

Our methodology adopts a full-cycle holistic approach to provide forward looking, predictive and actionable information and support services to assist high level decision making and strategic planning process. Let us give you the assurance that your measures will keep you safe.

Our services help to facilitate business opportunities, economic growth and increased security through dynamic solutions for an ever

evolving world.

10

Mr Andrew Young Partner

M: (+44) 7407 352 111

E: andrew.young@conopsgroup.com

Mr Martin Murray Partner

M: (+44) 7891 603 923

E: martin.murray@conopsgroup.com

Mr Xavier Firth Partner

M: (+44) 7841 715 274

E: xavier.firth@conopsgroup.com

CONOPS LLP

113-117 Lillian Court | Barr Street

Birmingham | B19 3DE

United Kingdom

CONTACT US

11

Registered Office: 71-75 Shelton Street | Covent Garden | London | WC2H 9JQ

© CONOPS LLP 2015