First actions
Enterprise priorities
Use governance and technical controls together, especially where business processes depend on suppliers.
- Own critical services: Map the systems, people, third parties and data flows needed to deliver your most important services.
- Prepare for ransomware: Test offline recovery, legal escalation, executive decision paths and communications before an incident.
- Measure identity risk: Review privileged access, dormant accounts, service accounts, conditional access and emergency accounts.
- Plan regulatory response: Include POPIA assessment, customer notifications, law enforcement contact and evidence handling in playbooks.
Sample guidance
Assurance areas
- Use risk language leaders can act on: Report control health, incident readiness, recovery confidence and major supplier dependencies, not only vulnerability counts.
- Control cloud drift: Track public exposure, privileged roles, encryption coverage, logging gaps and shadow SaaS use across business units.
- Assure outsourced operations: Require incident notification timelines, access reviews, backup expectations and evidence of secure administration.
- Prioritise useful telemetry: Collect identity, endpoint, email, cloud admin and network logs for the services that matter most to continuity.
Checklist
Executive resilience review
- Confirm the top business services and their maximum tolerable outage.
- Review ransomware recovery time evidence from a recent restore test.
- Check that incident roles include legal, privacy, communications and finance.
- Review critical suppliers with network, admin or data access.
- Track open control gaps with owners and target dates.