Continuity and Disaster Recovery – In the risk evaluation phase, some main areas need to be covered. An important thing would be to understand any probable threats. Probably in an ideal world, which we know do not exist, we might be able to identify and protect ourselves from all threats to be able to ensure that our business would be able to continue surviving. We are obviously held back by the other factors like time, budget and priorities and we need to apply some kind of cost benefit analysis so that we could make sure that we are able to protect the most important business functions. Clearly, the same impact could result from different threats.
Identification of your mission critical business systems and processes would be another essential building block of planning business continuity. Once the important business systems and process as well as the possible threats have been established, you would then need to identify the loss potential and the vulnerabilities. This would require an extensive scanning of the organization to be able to identify the vulnerabilities, as well as analysis to be able to understand those particular vulnerabilities that would have the most impact on your important business processes. This would be able to start clarifying and quantifying potential losses that would help in establishing priorities.
After that, you would need to do an analysis of the existing controls. This would cover physical security, the people, data, the processes, communication, as well as asset protection.
Next would be to develop a good level of understanding of threat probability, which are factored by the impact, or severity of the threats.
Ultimately, the goal is to achieve minimal threats, downtimes, impacts and to be able to mitigate any losses. Essentially, you need to focus on protecting your people, data, vital communications, assets and your brand and reputation. This would all be to make sure that your business would be able to continue its operation through cost-effective ways.