All business continuity analysis should be risk-based and risk-prioritised, so that the important business risks are dealt with first. This means that any risks to your business need to be identified, examined and dealt with.
There are 4 options for dealing with each risk:
1. Reduce the risk. Reducing the risk falls into 2 categories - reducing the likelihood of the problem occurring and reducing the impact of the problem if it does happen. A simple example is that by having a fire alarm you are reducing the likelihood of a fire spreading unseen and by installing a sprinkler system you are reducing the impact of fire.
Reducing the risk is often referred to as mitigation. For example, data backups are a form of mitigation. They reduce the impact if a problem occurs which affects the primary data source. Any mitigating actions require testing to provide assurance they work when required.
2. Transfer the risk. This is an interesting option which may be seen as a get-out, but which is a perfectly valid thing to do. By transferring a risk it becomes someone else's problem and you therefore have the risk covered. We are not talking about blaming someone else, or even transferring the risk to someone else in the company.
For example, there could be a risk that office space will not be available in the case of a disaster in the main location. Therefore the risk can be transferred to a third party company which organises office space for disaster recovery and keeps offices available for companies who need such a recovery service.
3. Accept the risk. By accepting the risk of a potential problem you are at least aware of its existence and can plan for it happening. If it is a risk that would have no impact for an acceptable period of time it should still be noted but you may decide to take no action until it occurs.
Almost by definition, accepting a risk is also reducing the impact of the risk as you are aware of the potential problem and can write it into your business continuity plan.
4. Ignore the risk. This option should never be selected. There is never a reason for ignoring a risk once it has been identified. A risk can be accepted (acknowledged) but must never be ignored.
Once the actions for each risk have been identified, anything put in place to help cope with a risk needs testing. However, many companies either test nothing at all or try to test every facet of a business continuity plan. Both methods are doomed to failure. The answer is to adopt a risk-based testing approach from two perspectives: that the business continuity plan is fit for purpose, and that it will work when invoked.
A health check (testing the plan is fit for purpose) needs to be performed by someone other than the authors of the business continuity plan. Ideally it's performed by an independent third party that specialises in testing business continuity plans, but it could be a disinterested party from another part of the company. Independence is essential here for an objective assessment.
Testing that the plan will work when invoked must be viewed in a business context, with the elements of the plan prioritised so that the risks with the most business impact and likelihood are tested first. This approach and the techniques to perform business continuity testing in a cost-effective manner are the subject of other articles.
Copyright Acutest UK 2005
A Streeb is an experienced practitioner of business continuity testing at Acutest, an independent consultancy specialising in business continuity assurance and software testing services. For more information on this topic visit http://www.acutest.co.uk or send an email to enquires@acutest.co.uk