Disaster Recovery Business Continuity Plan Creation
Risk Assessment – Step 1
The first step in creating a disaster recovery plan (see Disaster Recovery Planning Template Business Continuity) is conducting a risk analysis of your business operation, (see Threat Vulnerability Assessment - Sarbanes Oxley Compliance Tool) computer applications, and your computer systems. List all the possible risks that threaten the continuity of your business operations, system uptime, and evaluate how imminent they are in your particular IT entity. Anything that can cause a system outage is a threat, from relatively common man-made threats like virus attacks and accidental data deletions (most common occurrence) to more rare natural threats like floods and fires. Determine which of your threats are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high.
For example, a small distribution company (revenues of $25,000,000) located in Florida could rate a hurricane an high probability with a high impact, an earthquake threat as low probability and high impact, while the threat of utility failure due to a power outage could rate high probability and high impact. So in this company's risk analysis, a hurricane and power outage would be a higher risk than an earthquake and would therefore be a higher priority in the disaster recovery plan.