Our client, a major international energy company, were KRisk’s long term client where we have supported them over many years in various projects and capacity. Including interim head of resilience roles developing their Safe, Secure and Resilient strategy working for their Security Director.

This project overview covers our involvement in supporting them manage all aspects of their security risks in relation to the COP26 event in October/November 2021 as they were the principal sponsor of the UN’s event. 

As our client was the principal sponsor for the of the COP26 and energy provider to the  UN’s events the worlds eyes were on Glasgow and our client. The risks were high for our client both in opportunities demonstrate their commitment as a world leader in positive renewable energy strategies but also the security threats this posed from a physical, information security and business continuity perspective.

The events dates were set and our engagement to manage and oversee all aspects of their security risk register commenced at the beginning of 2021.

• We set up a COP26 project risk register to drive all the actions to manage all the associated risks. 
• Risk communication was a key strand we lead on identifying key stakeholder including our staff, VVIPs, event organisers. This also included working closely with the government, the multi-agency emergency services groups. Below are three example areas we supported among many others:
  • We developed clear internal communications from the start, up to and beyond the event e.g., we developed high quality risk awareness videos for cyber related risks (ransom wear, phishing, data breaches etc.). We developed security induction videos for the thousands of people visiting the Head Quarters for the conference speakers. We ensured there was clear incident communications with our incident teams internally and externally.
  • We ensured the incident rooms were set up at different locations to manage the event. Exercising and testing different risk scenarios and continuity plans were facilitated e.g., protestors, cyber-attacks, terrorist attacks on the critical infrastructure providing power to the events.
  • We lead the coordinated information security risk workshops that focused on the systems that supported their important business services. We identified the important systems and the level of controls in place related to cyber and data protection requirements and the dependencies on continuity from the supply chain. We prioritized the risk areas with the IT/Cyber/Continuity and business teams to ensure the most vulnerable areas were mitigated.

The organisation was already at a relatively mature level of resilience, but this project took resilience to a new level as it is about ever evolving and improving. The event went very well, and our client played a very important part in its success.

Because of KRisk’s unique and dynamic skill set we were able to integrate approaches in an effective and efficient way to best serve our clients objectives.

KRisk lead by Grant have been a constant support to me and the Corporate Security team. The knowledge and experience they bring is second to none and their ability to pick up any project is of great value to me and the organisation.