TABLE OF CONTENTS Risk management includes the three elements of the risk assessment: threat assessment, vulnerability assessment, and impact analysis. This information is the input to the risk mitigation phase that concludes the risk assessment portion of the business continuity and disaster recovery project work.
The first step in business continuity and disaster recovery planning is the risk assessment. Included here are top-level items that should be included. You can modify this list to suit your specific needs. Refer to the specific chapters for detailed information on these topics.
Identify all natural threats.
Identify all man-made threats.
Identify all IT and technology-based threats.
Identify all environmental/infrastructure threats.
For each threat, identify threat sources.
For each threat source, identify the likelihood of occurrence.
Based on likelihood of occurrence, assess company's vulnerability to each threat source.
Based on likelihood and vulnerability, prioritize list of threats to company.
Based on prioritized list of threats, assess impact of each threat on business operations.
Based on threats, perform upstream and downstream loss analysis.
Prioritize business functions into mission-critical, important, minor (you can customize categories to suit your needs).
For each mission-critical business function, assess the impact of the loss of this function.
For each mission-critical business function, assess the impact of various threats to this function.
Develop a prioritized list of mission-critical business functions with the highest business impact.
For the highest priority functions, identify the recovery time requirements including maximum tolerable downtime (MTD).
For business systems, business functions,...
