Risk & Compliance


Service Offerings

  • Asset management
  • Enterprise risk and regulatory advisory
  • Program development, review and management
  • Regulatory compliance
  • Risk and compliance maturity assessments
  • Supply chain risk management
  • Third-party risk management

Successful application of governance, risk and compliance practices means integrating critical models into all facets of your organization, from building out new facilities, to planning asset inventory and management, to developing new programs or processes. Creating this culture of compliance upfront helps you avoid costly change within your organization.

We combine our vast risk management knowledge with critical design thinking, as well as industry-proven standards, toolsets and methodologies to deliver an integrated risk and compliance framework that further enhances that culture. We examine the enterprise risks you face and the compliance cycle for your industry, identifying where you can grow and automate your compliance programs.

Safety and reliable operations are the cornerstones of risk management and resiliency for critical infrastructure environments. We apply a three-pronged approach to achieve risk management and resiliency, balancing regulatory compliance, system reliability and cyber risk management. Our team is made up of consultants with experience in all three sectors, and they focus on improving the safety, security and reliability of critical infrastructure. Our goal is delivering the people, process and technology that support risk and resiliency, preparedness and situational awareness. 

As we help you examine your critical infrastructure compliance program, we emphasize:

  • Greater risk visibility
  • Automation opportunities
  • Plans for recoverability
  • Advanced detection

Mind the Gap: Resilience Goes Beyond Compliance

Critical infrastructure industries are implementing connectivity and data systems that open them up to new threats that require cybersecurity mitigations.
Read more

Achieving Compliance Across Your Organization

By leveraging the maturity, integration and stakeholder engagement models we’ve developed, we gain an understanding of the risks associated with your business and assets. We implement a collaborative risk model that is built, adapted and managed within your organization. Our team helps you recognize and counter risks from broken systems and bulky manual processes. We identify and break down siloed operations through controls, integration and automation.

We partner with you to nurture and expand your risk operations and advance your program management, giving your team the edge it needs to deliver on compliance, risk and board commitments.

The Ticking Clock for AWIA Compliance on Risk Assessment and Emergency Response Plans

America’s Water Infrastructure Act (AWIA) requires compliance planning for the resiliency, physical security and cybersecurity of community water systems.
Read more

Compliance With America’s Water Infrastructure Act (AWIA)

As we help the operators of community drinking water systems meet AWIA requirements associated with risk and resilience assessments (RRAs), we leverage our cybersecurity capabilities to identify, mitigate malevolent and natural threats. Our holistic support AWIA compliance, risk assessment, resilience, monitoring systems, financial infrastructure, chemical handling, and operations and maintenance.

Executive order adds momentum to mitigation of cyberthreats to U.S. power industry

In the face of increasingly sophisticated cyberattacks in recent years, the U.S. utility industry has responded with an array of strategies designed to reduce and eliminate vulnerabilities to increasingly digitized systems. Now, with the recent issuance of an executive order from President Donald Trump, utilities will expand this effort to other assets touching the bulk electric system.

Read more
Blog Post
Bridging the Gap: Benefits of a Business Continuity Plan
Risk is a constant. Preparing for disruptions is difficult, but a business continuity plan can help an organization stay afloat during and after an event.
Read more
Blog Post
Choosing a Framework for Optimal Risk Management
Choosing the right framework is key in the assessment and management of risk. A framework can help organizations go beyond meeting compliance standards.
Read more
Blog Post
Automating Security Operations: SOAR Supports Integrated Cybersecurity
Security Orchestration, Automation & Response (SOAR) can help teams automate and integrate processes for increased security amid increased remote work.
Read more
Blog Post
Order 843 and CIP-003-7: How They Will Impact Low Sites
New standards from the Federal Energy Regulatory Commission were published in Order 843 and go into effect on Jan. 1, 2020. These new standards affect low sites and electronic access controls, as well as requiring transient cyberassets to have updated anti-virus software.
Read more
Matt Morris, 1898 & Co., Part of Burns & McDonnell
Matt Morris
Managing Director, Security & Risk Consulting

Send Us a Note

*Denotes Required Field

1898 & Co. needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

Because the future won’t wait.