In disaster recovery (DR) planning, once you've completed a business impact analysis (BIA), the next step is to perform a risk assessment. The risk assessment should be able to help you identify events that could adversely impact your organization.
To get started with a risk assessment, begin by identifying the most critical business processes from the business impact analysis.
Government agencies such as the Federal Emergency Management Agency (FEMA), Department of Homeland Security, U.S. An excellent document to assist you in preparing a risk assessment comes from the National Institute of Standards and Technology (NIST). The risk analysis involves risk identification, assessing the likelihood of the event occurring, and defining the severity of the event's consequences. The sequence in which these measures are implemented depends to a large extent upon the results of the risk assessment. This chart identifies natural and man-made disasters that could adversely impact an organization. Once the risks have been identified, you'll want to identify the potential effects, symptoms and consequences resulting from the event. Quantitative methods, which assign a numeric value to the risk, usually require access to reliable statistics to project the future likelihood of risk. Once all relevant risks have been analyzed and assigned a qualitative category, you can then examine strategies to deal with only the highest risks, or you can address all risk categories.
About the author: Paul Kirvan, CISA, CISSP, FBCI, CBCP, has more than 20 years of experience in business continuity management as a consultant, author and educator. Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan.
To do that, let us remind ourselves of the overall goals of disaster recovery planning, which are to provide strategies and procedures that can help return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. Having established our mission, and assuming we have management approval and funding for a disaster recovery initiative, we can establish a project plan.

A disaster recovery project has a fairly consistent structure, which makes it easy to organise and conduct plan development activity. As you can see from The IT Disaster Recovery Lifecycle illustration, the IT disaster recovery process has a standard process flow. Following the BIA and risk assessment, the next steps are to define, build and test detailed disaster recovery plans that can be invoked in case disaster actually strikes the organisation’s critical IT assets. Detailed response planning and the other key parts of disaster recovery planning, such as plan maintenance, are, however, outside the scope of this article so let us get back to looking at disaster recovery risk assessment and business impact assessment in detail. Working with IT managers and members of your building facilities staff as well as risk management staff if you have them, you can identify the events that could potentially impact data centre operations. Supply chain disruptions present a key risk, said Susan Young, MBCI, a risk management professional with a London-based insurance company.
Water damage is a key risk to organisations in the UK, and sometimes the source can be so obvious it gets overlooked, said 2C’s Barnes. A BIA attempts to relate specific risks to their potential impact on things such as business operations, financial performance, reputation, employees and supply chains. Read our guide on how to prepare a risk assessment, and then download our free risk assessment template. The BIA helps identify the most critical business processes and describes the potential impact of a disruption to those processes, and a risk assessment identifies internal and external situations that could negatively impact the critical processes.
The document is Special Publication 800-30, Risk Management Guide for Information Technology Systems. It may also be useful to conduct a vulnerability assessment, which helps identify situations in which the organization may be putting itself at increased risk by not performing certain activities. By contrast, man-made events are those in which an individual or multiple persons may be held accountable for contributing to the event(s) that caused the disaster. This will depend on management's risk appetite, which is their willingness to deal appropriately with risks.

But, before we look at them in detail, we need to locate disaster recovery risk assessment and business impact assessment in the overall planning process. The risk assessment will also help you determine what steps, if properly implemented, could reduce the severity of the event. An example may be the increased risk of virus attacks by not using the most current antivirus software. The strategies you define for risks can next be used to help design business continuity and disaster recovery strategies. The final column lists the product of likelihood x impact, and this becomes your risk factor. Use our risk analysis template to list and organize potential threats to your organization. Finally, the risk analysis results are summarized in a report to management, with recommended mitigation activities. In our risk analysis template, you will find columns that allow you to assign qualitative terms to each of the risks to your organization. Numbers in between can represent the result of a statistical analysis of threat data and company experience. Next, the risk assessment examines the internal and external threats and vulnerabilities that could negatively impact IT assets. Those events with the highest risk factor are the ones your disaster recovery plan should primarily aim to address. Regardless of the methodology, the results should map to the critical business processes identified in the business impact analysis, and can help define strategies for responding to the identified risks.
