Part 2: RAR - Treatment and Control v2

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Revision as of 04:31, 2 January 2022 by Moh heng (talk | contribs)
Jump to navigation Jump to search
BackBCM RAR.png
BCM Planning Methodology RAR.jpg

RAR 2-1: Risk Treatment and Evaluation of Existing Controls

After identifying the list of threats faced by the organisation in the previous section, participants will then proceed to the Risk Treatment and Control section

Threat (Col 2)

RAR 2-1: Risk Treatment and Evaluation of Existing Controls

The name of each threat identified in List of Threats.

  • Organisation BCM Coordinators are to ensure that all threats that have been highlighted in the previous section are represented here under the threat column.

Existing Risk Treatment (Col 3 to 6)

Existing Risk Treatment refers to the mitigating measures already put into place by the organization to handle recognized threats. 4 risk treatments are available to address the majority of the risks posed by threats


Existing Controls (Col 7)

  • Controls are instruments or practices that are used to manage risk. All controls fall within one of the above 4 treatment options and serve as an elaboration of the existing risk treatments.
  • Existing Controls are "Controls" that are already implemented within your organization to manage the identified risk.
    • For example, if the fire is a threat, existing controls could include fire extinguishers, fire wardens, and an evacuation plan.

Additional (Planned) Controls (Col 8)

BackBCM RAR.png
  • Additional "Planned" Controls are Controls that will be identified within the questionnaire.
    • In the example of fire again, an additional control could include setting up an alternate assembly area to congregate in the event of wet weather

Instruction to BL-B-3/5 M2 Participant

  • Select at least two (2) threats from RAR 1-1 List of Threats. 
  • Complete every entry for all the columns for the two threats.
  • Remember to highlight the existing control if you have selected and inserted "Y" in one of the four "Risk Treatment" entries.  
  • It is alright to have more than one risk treatment for each selected threat
  • Do remember to propose "Additional (Planned) Controls" that you may want to recommend to your organisation.