The first hours are crucial. How do you act when there is a security or privacy violation or abuse in your organisation, or some other situation that differs from usual business and could cause damage to your company’s reputation and finances? Are you able to react to the situation immediately?
We provide you with holistic support for the prediction, investigation and management of anomalies. We will help you prevent, investigate and fix situations resulting from various anomalies that may cause significant damage to your company’s reputation, brand and finances. We will work fast, independently and confidentially using our global network.
We help organisations identify and assess external and internal threats for the development of risk management. Our experts assist organisations in risk management work and help create an understanding of the management of the external and internal threat environment.
How does the organisation’s security management look in a digital operating environment? What does the security situation look like from a external point of view such as attacker’s? We help organisations recognise their own strengths and weaknesses by utilising leading technology and tools in the industry and the know-how of our experts.
As the security environment changes constantly, it is our experience that companies and organisations should be appropriately prepared for the management of security incidents. We will help you describe the incident process and practice it together with you. Our support extends even further: we also want to be there to support you if a situation has escalated.
The prediction and management of incidents is all about adequate maintenance of overall security. We perform current state analyses for all areas of security, whether it concerns personal safety, the security of facilities or cyber security. We are also familiar with the privacy issues and business continuity planning. We also do remediation, implementation and training in all these areas.
We offer assistance in the investigation of any abuses and disputes related to the operation of a company or organisation by means of like material inspections and interviews, for example. We also assist in the retrieval and securing of electronic materials and assessment of financial effects. We offer advice in the design and implementation of corrective actions. We help organisations, their senior management and legal advisors with things such as:
When you cannot discuss a suspicious situation in the workplace under your own name or to your own superior, an independent communication channel is needed. The solution is a whistleblowing channel, through which an organisation can get significant information about grievances and an opportunity to react to them quickly. A report sent early through a whistleblowing channel may also help the company prepare for any publicity arising out of unethical actions.
Tightening regulations set more and more requirements for the adoption and management of whistleblowing channels at Finnish companies. A whistleblowing channel is not only about technology. The larger and more international the organisation, the more demanding it is to create and deploy a whistleblowing channel. The channel must offer appropriate protection of anonymity and confidentiality for the employees and stakeholders who have filed reports. The right kind of corporate culture and adequate training related to the whistleblowing channel play a key role in how the channel is used and whether there is trust in its neutrality and appropriate processing of the reports at the workplace. (continued on next page)
The best option for reporting on actions that are contrary to the company’s operating principles is a face-to-face conversation with the immediate superior or another member of company management. Turning to a superior is not always possible, however. This may be the case when the whistle-blower feels that the superior is involved with the grievance. Sometimes a company employee or subcontractor may fear that reporting on a grievance will cause problems for their employment or subcontracting relationship.
An organisation should have a plan in place for such situations and an appropriate whistleblowing channel that can best serve company employees and stakeholders. The whistleblowing channel can be organised internally or with the help of a third-party service provider. We will help your company in the creation and management of a whistleblowing channel and the reception and investigation of reports. We will also train company staff as required.
Business continuity planning is one of the basic requirements of the continuity of an organisation’s operation. The same goes for operation disaster recovery planning and management of crisis. We help organisations develop disaster recovery planning and recovery from crisis, thereby increasing the resilience of organisations.
Cybersecurity & Privacy Leader, PwC Finland
Tel: +358 (0)20 787 8844