RISK ASSESSMENT STRATEGY
[Diagram: risk assessment cycle. Stages shown:]
Identifying the threats
Identifying vulnerabilities
Assessing the risks – Likelihood, Impact
Ranking the risks
Identifying and evaluating risk control or mitigation options
Strategic response
BUSINESS IMPACT ANALYSIS (BIA)
Impact to organization for activities not performed
[Diagram: Input, Business Impact Analysis, Output]
Input: Criticality, Sensitivity
- Assets, Activities, Resources
Output: BC Strategy, Recovery
- RTO, RPO
Acts of nature – e.g. hurricane, flood, etc.
External man-made events – e.g. terrorism, evacuation, security intrusion, etc.
Internal unintentional events – e.g. accidental loss of files, computer failure, etc.
Internal intentional events – e.g. strike, sabotage, data deletion, financial wrong-doing, etc.
Legal, regulatory, compliance or governance failure, which could be either intentional or unintentional
Business failure – e.g. caused by inappropriate and unsuccessful business strategies or management.

Leads to:
Failure of an individual infrastructure element, including single points of failure
Longer-term interruption of a critical information flow
Longer-term interruption of a critical business activity chain or business process
Local longer-term business interruption
Complete business interruption
BUSINESS CONTINUITY STRATEGY (BCS)
Allows an appropriate response to be chosen for each product or service, such that the organization can continue to deliver those products and services:
at an acceptable level of operation; and
within an acceptable timeframe
during and following a disruption. The choice made will take account of the resilience and countermeasure options already present within the organization.