Difference between revisions of "Part 3: RAR - Risk Analysis v2"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{Button Back BCM RAR}}
+
{{Button Back BCM RAR}} {{Template:Planning Methodology RAR}}
 
After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Treatment and Control section
 
After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Treatment and Control section
  
 +
[[Image:RAR RiskAnalysis 2.0.jpg|thumb|800px|right|Part 3: Risk Analysis]]
 +
 +
= '''Threat Name''' =
 +
*The name of each threat identified in [[Part 1: RAR - List of Threats v2|List of Threats]]. BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column.
 +
= '''Impact Area''' =
 +
*[[Risk Impact]] or Impact Area analyzes the potential human impact on the organization such as the possibility of facilities being inaccessible, revenue being disrupted, personnel being killed, injured, or rendered ineffective and by each type of threat. Impact Area can be divided into 7 main categories:
 +
**Finance
 +
**Operations
 +
**Legal & Regulatory
 +
**Reputation & Image
 +
**Social Responsibility
 +
**People
 +
**Assets/IT Systems/Information
 +
 +
= '''Highest Impact Area''' =
 +
*Based on all 7 categories of Impact Area in the prior section, Highest-Impact Area takes the highest Impact Rating from all 7 categories
 +
 +
= '''Risk Likelihood''' =
 +
*[[Risk Likelihood]] is the probability/chance of a threat happening
  
[[Image:RAR RiskAnalysis 2.0.jpg|thumb|550px|right|Part 3: Risk Analysis]]
+
= '''Risk Rating''' =
 +
*[[Risk Rating]] is the result of the multiplication of the assigned value for Risk Likelihood against the assigned value of the Highest Risk Impact. The result is the Risk Rating of an individual threat.
  
*'''Threat Name'''
+
= '''[[Risk Level]]''' =
**The name of each threat identified in [[Part 1: RAR - List of Threats v2|List of Threats]]. BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column.
+
*[Risk Level]] is the overall level of assessed risk for an individual threat to the organization
'''Impact Area'''
 
**[[Risk Impact]] or Impact Area analyzes the potential human impact on the organization such as the possibility of facilities being inaccessible, revenue being disrupted, personnel being killed, injured, or rendered ineffective and by each type of threat. Impact Area can be divided into 7 main categories:
 
***Finance
 
***Operations
 
***Legal & Regulatory
 
***Reputation & Image
 
***Social Responsibility
 
***People
 
***Assets/IT Systems/Information
 
  
*'''Highest Impact Area'''
+
= '''Expected Period of Disruption''' =
**Based on all 7 categories of Impact Area in the prior section, Highest Impact Area takes the highest Impact Rating from all 7 categories
 
*'''Risk Likelihood'''
 
**[[Risk Likelihood]] is the probability/chance of a threat happening
 
*'''Risk Rating'''
 
**[[Risk Rating]] is the result of the multiplication of the assigned value for Risk Likelihood against the assigned value of the Highest Risk Impact. The result is the Risk Rating of an individual threat.
 
*'''[[Risk Level]]'''
 
**[Risk Level]] is the overall level of assessed risk for an individual threat to the organization
 
== '''Expected Period of Disruption''' ==
 
 
{{Button Back BCM RAR}}
 
{{Button Back BCM RAR}}
** Expected [[Period of Disruption]] is the expected residual disruption resulting from each identified threats, taking into consideration existing controls. The period of disruption is an estimated duration during which the organization’s operations are disrupted (operationally), or access to the primary location is denied (infrastructure). For example, if the Expected Period of Disruption for any given threat is stated as 5 days, the organization will be disrupted for that amount of time.
+
* Expected [[Period of Disruption]] is the expected residual disruption resulting from each identified threats, taking into consideration existing controls.  
 +
* The period of disruption is an estimated duration during which the organization’s operations are disrupted (operationally), or access to the primary location is denied (infrastructure).  
 +
* For example, if the Expected Period of Disruption for any given threat is stated as 5 days, the organization will be disrupted for that amount of time.
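Review bot: The added Risk Level bullet, `*[Risk Level]] is the overall level of assessed risk ...`, is missing its opening bracket, so the wiki link will not resolve and the stray brackets will show as literal text on the rendered page. Write it as `[[Risk Level]]`, matching how the other added bullets link `[[Risk Likelihood]]` and `[[Risk Rating]]`. The same typo appears in the earlier `**[Risk Level]]` line, so it was carried over rather than introduced here.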

Latest revision as of 15:44, 16 January 2020


After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Treatment and Control section.

Part 3: Risk Analysis

Threat Name

  • The name of each threat identified in List of Threats. BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column.

Impact Area

  • Risk Impact, or Impact Area, analyzes the potential human impact of each type of threat on the organization, such as the possibility of facilities being inaccessible, revenue being disrupted, or personnel being killed, injured, or rendered ineffective. Impact Area can be divided into 7 main categories:
    • Finance
    • Operations
    • Legal & Regulatory
    • Reputation & Image
    • Social Responsibility
    • People
    • Assets/IT Systems/Information

Highest Impact Area

  • Based on all 7 categories of Impact Area in the prior section, Highest Impact Area takes the highest Impact Rating from all 7 categories.

Risk Likelihood

Risk Rating

  • Risk Rating is the product of the assigned value for Risk Likelihood and the assigned value of the Highest Risk Impact. The result is the Risk Rating of an individual threat.

Risk Level

  • Risk Level is the overall level of assessed risk for an individual threat to the organization.

Expected Period of Disruption

  • Expected Period of Disruption is the expected residual disruption resulting from each identified threat, taking into consideration existing controls.
  • The period of disruption is an estimated duration during which the organization’s operations are disrupted (operationally), or access to the primary location is denied (infrastructure).
  • For example, if the Expected Period of Disruption for any given threat is stated as 5 days, the organization will be disrupted for that amount of time.