Andy Tomkinson


Andy is an industry acknowledged subject matter expert in Business Continuity, Crisis Management, Cyber Incident Response, Disaster Recovery, Emergency Planning, Risk and Operational Resilience. Andy has participated in the development of National, European and International standards and recognised Good Practice Guides on Incident Control Systems ICS and participated in creating BS11200 the standard for crisis management, ISO 22301 the standard for business continuity and was a co-author of BC for Dummies published by Wiley in 2012.

Business Sectors

    Andy has worked in the following industry sectors:

  • Private Sector includes: Law firms, financial services, professional services, oil and gas, chemical manufacturing and construction
  • Major Events include: London 2012 Olympics (ODA and LOCOG 2009-2012)
  • Public Sector includes: Cabinet Office, MOD, DWP and DFE
  • Third Sector includes: charities, not for profit organisations, housing associations, educational establishments and NGOs

Key Experience

He has 20 years experience in Resilience across all sectors and can transfer his industry knowledge and the ability to provide benchmarking information. He has experience in providing advisory and assurance in both technological (DR) and business (delivering products and services) disciplines.

Consultancy and ISO 22301 registration and alignment

  • Consultancy and ISO 22301 registration or alignment for a number of Law firms including Brodies, Clifford Chance, DLA Piper, Fladgate Fielder, Freshfields, Linklaters and Herbert Smith.
  • Consultant for design, facilitation and debriefing of awareness, training and exercises.
  • Auditor to assure the capability of plan documents, teams and technological responses.
  • Facilitated over 500 hundred Cyber, Data Breach, BC exercises, rehearsals and DR tests.


Benchmarking and ISO 22301 and ISO 27001 Certification

  • Contracted to deliver certification to ISO 22301 and ISO 27001 for seven different organisations.
  • Technically competent and experienced in Resilient by Design (RbD) and Secure by Design (SbD).



  • Experienced trainer and mentor delivering general crisis management
  • Strategic Crisis Management for CXO Level
  • CBCI Course instructor.
  • Masterclass for Crisis Managers
  • ICS Operations
  • Specific (Crisis, Media, HR, ITDR, BIA, Exercises, Internal Auditor) courses
  • Wrote, produced and directed several corporate video training films.


Rehearsals and DR Tests

  • Facilitated technical ITDR tests for infrastructure, environments, platforms, applications and data.
  • Facilitated technical and business process rehearsals for data breaches and cyber-attacks.
  • Facilitated emergency response, crisis management and business continuity exercises.

Professional Qualifications

  • Fellow of the Business Continuity Institute (FBCI)
  • Lead Auditor ISO 22301, ISO 27001