Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Crisis Management

Crisis Management

Section titled “Crisis Management”

5 automated security scanners

International Extraction Capability

Section titled “International Extraction Capability”

Purpose: The International Extraction Capability Scanner is designed to detect and analyze evacuation plans, safe haven identification, and transportation options within international operations. This tool helps ensure that companies have effective crisis management strategies in place by searching for detailed procedures, identifying specific roles during evacuations, verifying emergency contact information, and ensuring secure and accessible safe havens.

What It Detects:

  • Evacuation Plan Identification: The scanner searches for detailed evacuation procedures and protocols, identifies specific roles and responsibilities during an evacuation, and verifies the presence of emergency contact information and communication plans.
  • Safe Haven Identification: It locates designated safe havens or shelters within international locations, ensuring they are secure and accessible for different types of crises.
  • Transportation Options: The scanner identifies available transportation methods for evacuation (e.g., air, sea, land), verifies the availability of emergency vehicles and transportation services, and ensures that these options are documented and regularly updated.

Inputs Required:

  • domain (string): The primary domain to analyze, such as “acme.com,” which helps in directing the search for crisis management information across various paths on the company’s website.
  • company_name (string): The name of the company, like “Acme Corporation,” used for searching within the site for relevant statements and documents related to crisis management.

Business Impact: This scanner is crucial for enhancing the security posture of multinational corporations by ensuring that they have well-defined plans in place for potential crises, which can significantly impact employee safety and business continuity across international operations.

Risk Levels:

  • Critical: The risk level is critical when there are significant gaps or deficiencies in evacuation procedures, unsafe safe havens, or inadequate transportation options documented within the company’s crisis management policies.
  • High: A high risk level exists when evacuation plans and protocols lack detail, specific roles are not clearly defined, or emergency contact information is missing from communication plans.
  • Medium: Medium risks pertain to incomplete documentation of safe havens, unclear accessibility features for safe havens, or insufficient verification of transportation options within international locations.
  • Low: Low risk levels indicate that evacuation procedures and protocols are adequately detailed, specific roles are clearly assigned, emergency contact information is present in communication plans, safe havens are secure and accessible, and all transportation options are documented and regularly updated.
  • Info: Informational findings include the presence of crisis management policies compliant with international safety standards and regulations, transparent communication regarding crisis preparedness and response within trust center pages.

Example Findings:

  • The scanner might flag a critical finding when it identifies that evacuation procedures do not specify detailed steps for handling specific scenarios or roles are undefined in emergency situations.
  • A high risk example could be the absence of secure designated safe havens or unclear accessibility features during crises like natural disasters, leading to potential safety hazards.

Workplace Violence Prevention

Section titled “Workplace Violence Prevention”

Purpose: The Workplace Violence Prevention Scanner is designed to analyze and assess a company’s existing security documentation, public policy pages, and trust center information to identify and evaluate the presence of comprehensive policies related to workplace violence prevention. This includes examining indicators such as security policies, threat assessment protocols, response protocols, compliance certifications, and conducting manual reviews of these policies for effectiveness and completeness.

What It Detects:

  • Security Policy Indicators: Identifies the presence of security policies that address workplace violence by looking for terms like “security policy,” “incident response,” “data protection,” and “access control.”
  • Threat Assessment Protocols: Checks for documented threat assessment procedures to identify potential risks within the workplace, searching for keywords such as “threat assessment,” “risk management,” and “vulnerability assessment.”
  • Response Protocols: Evaluates the existence of clear response protocols in case of violent incidents, looking for terms like “response protocol,” “emergency plan,” and “incident handling.”
  • Compliance Certifications: Verifies if the company holds relevant compliance certifications that ensure adherence to workplace safety standards, including searches for indicators such as “SOC 2,” “ISO 27001,” “penetration test,” and “vulnerability scan/assessment.”
  • Policy Review and Manual Evaluation: Conducts a manual review of the identified policies to assess their effectiveness and completeness, ensuring all necessary components are covered in the security documentation.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com), which is essential for searching the company’s site for security-related documents.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”), used in search queries to verify and contextualize findings within the broader context of the organization.

Business Impact: Ensuring robust policies related to workplace violence prevention is crucial as it directly impacts employee safety and organizational resilience against potential threats, which can significantly affect both the operational efficiency and reputation of a company.

Risk Levels:

  • Critical: Conditions that would lead to critical severity include the absence of any security policy or certification indicating strong adherence to workplace safety standards.
  • High: Conditions for high severity involve deficiencies in threat assessment protocols, inadequate response mechanisms, or lack of clear communication about incident handling procedures.
  • Medium: Conditions for medium severity are marked by incomplete or insufficient policies and procedures related to violence prevention, which may still pose significant risks but less so than critical issues.
  • Low: Informational findings at the low risk level pertain to minor gaps in policy coverage that do not significantly impact security posture but could benefit from improvement.
  • Info: These are general informational findings indicating the presence of policies or certifications without severe implications, suitable for ongoing monitoring and potential enhancement as part of routine security practices.

Example Findings:

  1. A company lacks a dedicated “security policy” section on its website despite having multiple public policy pages that could be considered under this category.
  2. The trust center does not include any indicators of threat assessment procedures, suggesting a gap in risk management within the organization’s policies.

Family Assistance Planning

Section titled “Family Assistance Planning”

Purpose: The Family Assistance Planning Scanner is designed to identify and assess communication protocols, support services, reunification plans, policy indicators, and maturity indicators within organizations. Its primary purpose is to ensure that these entities have robust crisis management strategies in place for family assistance during crises.

What It Detects:

  • Communication Protocols: The scanner identifies the presence of clear communication channels for families and verifies the availability of contact information such as phone numbers and emails, along with emergency response procedures.
  • Support Services: It locates references to mental health support services, legal aid resources, and financial assistance programs.
  • Reunification Plans: The scanner searches for detailed reunification protocols, identifies identification verification processes, and checks for transportation arrangements and accommodations.
  • Policy Indicators: It detects security policy references, incident response plans, data protection measures, and access control policies.
  • Maturity Indicators: The scanner looks for SOC 2 compliance certifications, ISO 27001 standards adherence, penetration test results, and vulnerability scan assessments.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com) - This input is essential for the scanner to gather information from the specified website.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”) - The company’s name helps in identifying relevant statements and documents during the analysis process.

Business Impact: This scanner plays a crucial role in enhancing an organization’s crisis management strategies by ensuring that all necessary communication channels, support services, reunification plans, and security measures are in place to protect families during crises. It directly impacts the ability of organizations to respond effectively to emergencies and maintain trust with stakeholders.

Risk Levels:

  • Critical: The scanner identifies significant vulnerabilities or lack of clear crisis management strategies that could lead to severe consequences for family assistance during crises, such as legal liabilities or loss of public trust.
  • High: The scanner detects critical gaps in communication protocols, support services, or policy indicators that may significantly affect the organization’s ability to manage crises effectively.
  • Medium: The scanner identifies areas where improvements could be made in crisis management practices without immediate risk but are still important for overall security posture.
  • Low: Informational findings indicating minor issues that do not pose significant risks but can be improved for better crisis management and family assistance during emergencies.
  • Info: Findings that provide general insights into the organization’s stance on family assistance during crises, which may include some policy or maturity indicators without immediate risk.

If specific risk levels are not detailed in the README, they have been inferred based on the purpose of the scanner and its potential impact.

Example Findings:

  • “The company lacks a dedicated emergency response plan that outlines clear steps for family reunification during crises.”
  • “There is no mention of SOC 2 compliance certifications within the organization’s policies, indicating a gap in demonstrating security practices.”

Event Emergency Planning

Section titled “Event Emergency Planning”

Purpose: The Event Emergency Planning Scanner is designed to analyze company websites and identify the presence of evacuation protocols, medical response plans, and communication strategies for emergencies. This tool helps organizations ensure they have robust crisis management frameworks in place by detecting specific terms and phrases related to emergency planning across various sections of a website.

What It Detects:

  • Evacuation Protocols: Identifies sections detailing emergency evacuation procedures and looks for terms like “evacuation plan,” “emergency exit routes,” and “assembly points.”
  • Medical Response Plans: Searches for medical response strategies, including first aid stations, emergency contacts, and medical supplies, focusing on phrases such as “first aid kit,” “emergency medical personnel,” and “medical evacuation procedures.”
  • Communication Plans: Evaluates communication protocols during emergencies, including internal and external messaging, with terms like “communication plan,” “emergency notifications,” and “public relations strategy.”
  • Policy Indicators: Scans for security policies that may include emergency response guidelines, looking for phrases such as “security policy,” “incident response,” “data protection,” and “access control.”
  • Maturity Indicators: Checks for compliance certifications and maturity indicators related to crisis management, detecting terms like “SOC 2,” “ISO 27001,” “penetration test,” and “vulnerability scan/assessment.”

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: Ensuring robust crisis management frameworks is crucial for maintaining the security posture of an organization, as it directly impacts the ability to respond effectively to emergencies and protect stakeholders’ interests.

Risk Levels:

  • Critical: Conditions that would lead to critical severity include explicit mention of life-threatening scenarios or direct threats to human safety in evacuation plans or medical response strategies.
  • High: Conditions for high severity involve significant risks such as major data breaches, extensive system disruptions, or widespread public impact due to inadequate communication protocols.
  • Medium: Medium severity is associated with potential issues that could lead to substantial operational disruptions or notable financial losses if not addressed promptly.
  • Low: Informational findings at the low risk level pertain to minor compliance gaps or non-critical aspects of emergency planning, which do not pose immediate threats but are still recommended for improvement.
  • Info: These include general mentions of security practices and regulatory compliance that provide a baseline understanding but do not significantly impact overall risk profile.

Example Findings:

  1. “Our evacuation plan includes designated exit routes and assembly points clearly outlined in the emergency procedures manual.”
  2. “Emergency medical personnel can access detailed information about first aid kits and locations directly from our internal system, ensuring quick response during crises.”

Kidnapping Ransom Preparedness

Section titled “Kidnapping Ransom Preparedness”

Purpose: The Kidnapping Ransom Preparedness Scanner is designed to evaluate a company’s readiness for potential kidnapping and ransom incidents by assessing the presence of relevant security policies, incident response plans, data protection measures, and compliance certifications. This tool helps organizations identify gaps in their security posture related to these critical areas.

What It Detects:

  • Security Policy Indicators: Identifies mentions of “security policy” in company documentation, including references to “incident response,” “data protection,” and “access control.”
  • Maturity Indicators: Detects references to SOC 2 compliance, ISO 27001 certification, penetration test results, and vulnerability scan or assessment documentation.
  • Public Policy Pages: Scans public policy pages for security-related content on official company sites.
  • Trust Center Information: Examines trust center information for security measures and policies, verifying the presence of compliance certifications in these sections.
  • Compliance Certifications: Identifies mentions of SOC 2, ISO 27001, and other relevant compliance certifications, as well as documentation supporting these certifications.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: Assessing the preparedness for kidnapping and ransom incidents is crucial as these types of events can have significant financial, reputational, and operational impacts on organizations. This scanner helps in identifying areas where improvements are needed to enhance security measures against such threats.

Risk Levels:

  • Critical: Severe vulnerabilities or lack of documented policies that directly impact the ability to respond to kidnapping and ransom incidents.
  • High: Important but not critical security features, such as incomplete incident response plans, missing data protection guidelines, or unverified compliance certifications.
  • Medium: Partially implemented security measures or gaps in specific areas like access controls or SOC 2 compliance that require attention for better preparedness.
  • Low: Informal mentions of policies without concrete evidence or minor deviations from ideal standards that do not significantly impact the overall risk profile.
  • Info: General references to cybersecurity practices without detailed assessments, which may be considered informational but still indicative of a proactive approach in security management.

Example Findings:

  • “Acme Corporation” mentions a comprehensive security policy including incident response procedures and data protection guidelines on its public website. However, the trust center lacks explicit SOC 2 certification documentation.
  • A company with no mention of any security policies or compliance certifications across their site is flagged as having significant gaps in preparedness against kidnapping and ransom threats.