|
Everywhere in today's business environment there are threatening
concerns - of natural disasters, of man-made incidents both intentional
and accidental, of power outages and telecommunications failures…and
scores of other perplexities. To countermand these concerns, one
needs a business continuity strategy - an overarching plan based
on the ability to anticipate, to assess the measure of an opponent,
and to know where threats (both internal and external) lie.
Your best move - the Risk Analysis - identifies the "how, what,
and where" of potential risks and their accompanying consequences.
A brief outline of sound risk analysis will serve as a framework
for later discussions addressing BCP vertical market concerns in
the manufacturing, healthcare, utilities, and pharmaceutical industries.
Identify and evaluate specific threats
and risks that would have the greatest likelihood of occurrence
within your business environment, and those that would have the
greatest impact on your organization enterprise-wide. Be mindful
that the geographies of any respective business locations possess
their own unique risk scenarios, from environmental issues to political
regimes, operational processes, and social and economic factors.
Define and classify disaster scenarios
(typically geographically-oriented) to differentiate from preventive,
impact-minimizing, and recovery solutions and choose the response
strategy most applicable to your organization.
Assess the controls in place to
reduce the impact probability of an identified threat. Typical controls
include additional equipment like UPS systems, generator systems
or lock down systems.
Perform a gap analysis in comparison
to industry recognized best practices, and determine possible controls
and risk management environment enhancements.
|
Threat Category
|
Threats
|
| Naturally Occurring |
• Tornado
• High Winds
• Thunder/Electrical Storms
• Ice Storm |
• Snowstorm/Blizzard
• Flooding
• Earthquake
• Epidemic |
• Major Landslide
• Hurricane/Typhoon
• Tropical Storm |
Man-made (Intentional & Accidental)
|
• Data Theft
• Building Physical Security Weakness
• Fire
• Toxic Contamination
• Arson |
• Sabotage: External/Internal
• Workplace Violence
• Terrorism
• Bomb Threat
• Riot/Civil Disorder
• Fraud/Embezzlement |
• Vandalism
• Physical Asset Theft
• Misuse of Resources
• Aircraft Crash
• Accidental Explosion: On/Off Site Water Leak/Plumbing Failure
|
| Business |
• Power Outage: External
• Labor Dispute/Strike
• Employee Turnover/Single Point of Failure |
• Power Outage: Internal
• Unavailability of Key Personnel
• Human Error: Operations
• Gas Outage |
• Water Outage
• Loss of Transportation
• Human Error: Maintenance
• Single Source Suppliers |
| Information Technology |
• Voice & Data Telecommunications
Failure
• IT equipment Failure
• Human Error: Programmers/Users |
• Security Vulnerability: Internal/External
• Data & Software Sabotage
• In-house Developed Application Failure |
• HVAC Failure/Temperature Inadequacy
• Purchased Software Failure |
|
