In the risk evaluation phase, there are a number of key areas that must be covered. One of the most important is to understand probable threats. In an ideal world, which most of us have noticed does not exist, we would identify and protect ourselves against all threats to ensure that our business continues to survive. Obviously, we are constrained by other factors such as budgets, time and priorities and need to apply cost-benefit analysis to ensure we are protecting the most critical business functions.
A second important step is to identify all probable threats and prioritize them. Threats, typically, can be classified in several ways such as internal/external, man-made/natural, primary/secondary, accidental/intentional, controllable/not controllable, warning/no warning, frequency, duration, speed of onset etc. While classifying threats is helpful in terms of understanding their characteristics and potential controls, grouping and understanding by business impact is also important. Obviously, the same impact can result from a number of different threats.
Identifying mission critical business processes and systems is another fundamental building block of the business continuity plan. After your critical business processes and systems and probable threats are established, the next step is to identify vulnerabilities and loss potential. This requires an extensive scan of the organization to identify vulnerabilities and then analysis to understand those vulnerabilities which would have the greatest impact on your critical business processes and the organization. This starts to clarify and quantify potential losses, which helps to establish priorities.
Following the identification of the most probable threats and vulnerabilities, an analysis of existing controls is needed. This spans physical security as well as people, processes, data, communications and asset protection. Some controls such as physical security and data backup are obvious. Other controls required are often less obvious, but they can be identified through the risk evaluation process.
Once the key building blocks of critical business functions, most probable threats, vulnerabilities and controls are identified, the next stage is to develop an understanding of the probability of threats factored by the severity or impact of the threats. This leads to the business impact analysis phase, which establishes priorities for protection.
The goal is to minimize threats, impacts and downtime and to mitigate any losses. Fundamentally, the goal is to protect your people, protect your data, protect your vital communications, protect your assets and to protect your brand and reputation. Overall, of course, the goal is to ensure your business continues to operate and to do it in a cost-effective way meeting standards of reasonable and prudent judgment.
About The Author
Robert Mahood has significant technology and management experience in data communications, internet, storage, disaster recovery and data recovery. He is currently the president of Midwest Data Recovery.