Business Continuity Planning:
All the Right Moves
Everywhere in today's business environment there are threatening concerns - of natural disasters, of man-made incidents both intentional and accidental, of power outages and telecommunications failures…and scores of other perplexities. To countermand these concerns, one needs a business continuity strategy - an overarching plan based on the ability to anticipate, to assess the measure of an opponent, and to know where threats (both internal and external) lie.
Your best move - the Risk Analysis - identifies the "how, what, and where" of potential risks and their accompanying consequences. A brief outline of sound risk analysis will serve as a framework for later discussions addressing BCP vertical market concerns in the manufacturing, healthcare, utilities, and pharmaceutical industries.
Identify and evaluate specific threats and risks that would have the greatest likelihood of occurrence within your business environment, and those that would have the greatest impact on your organization enterprise-wide. Be mindful that the geographies of any respective business locations possess their own unique risk scenarios, from environmental issues to political regimes, operational processes, and social and economic factors.
Define and classify disaster scenarios (typically geographically-oriented) to differentiate from preventive, impact-minimizing, and recovery solutions and choose the response strategy most applicable to your organization.
Assess the controls in place to reduce the impact probability of an identified threat. Typical controls include additional equipment like UPS systems, generator systems or lock down systems.
Perform a gap analysis in comparison to industry recognized best practices, and determine possible controls and risk management environment enhancements.
|
Threat Category
|
Threats
|
||
| Naturally Occurring | • Tornado • High Winds • Thunder/Electrical Storms • Ice Storm |
• Snowstorm/Blizzard • Flooding • Earthquake • Epidemic |
• Major Landslide • Hurricane/Typhoon • Tropical Storm |
| Man-made (Intentional & Accidental) |
• Data Theft • Building Physical Security Weakness • Fire • Toxic Contamination • Arson |
• Sabotage: External/Internal • Workplace Violence • Terrorism • Bomb Threat • Riot/Civil Disorder • Fraud/Embezzlement |
• Vandalism • Physical Asset Theft • Misuse of Resources • Aircraft Crash • Accidental Explosion: On/Off Site Water Leak/Plumbing Failure |
| Business | • Power Outage: External • Labor Dispute/Strike • Employee Turnover/Single Point of Failure |
• Power Outage: Internal • Unavailability of Key Personnel • Human Error: Operations • Gas Outage |
• Water Outage • Loss of Transportation • Human Error: Maintenance • Single Source Suppliers |
| Information Technology | • Voice & Data Telecommunications
Failure • IT equipment Failure • Human Error: Programmers/Users |
• Security Vulnerability: Internal/External
• Data & Software Sabotage • In-house Developed Application Failure |
• HVAC Failure/Temperature Inadequacy
• Purchased Software Failure |