BCP Expansion of Terms

 

Threat Risk Assessment (TRA) –

While a Threat Risk Assessment (TRA) may sound daunting, it really isn’t, lets take it one step at a time to see how to get through this.  A Threat Risk Assessment is just that (HINT: with most BCP terms, if you reverse the words, the term will make more sense.  For example, a Threat Risk Assessment is an Assessment of your Risks and Threats).  You don’t have to worry about your individual business processes yet; at this step you are just trying to determine if the threat is possible or not and the overall impact on your business.

  • Research and compile a comprehensive list of threats to your business.
  • Assess whether each of those threats could affect your business.
  • Determine the likelihood of each threat actually occurring, the lead time you/your team will have before it strikes and the impact on your business.
  • Prioritize the list of threats based on your results.

See!  Not so bad!!  But if this still seems like more than you can (or are willing) handle, check out our services team as they do these all the time and can be of great assistance.  If you don’t have the budget for our services (or you want to learn the entire process), our SHIELD Gold and Platinum editions have a TRA tool built right into them

 

Business Impact Analysis (BIA) –

With your threats identified and prioritized, now you get to see how they will impact your business by completing a BIA.  At this point, it is best to work with other departments to see how they will be impacted by any threat.  Do not assume; this creates a very dangerous skewing of the results of the analysis.  Follow the logic of reversing the terminology to figure out the Maximum Tolerable Outage MTO; this means how long a business unit can survive before their lack of productivity significantly impacts the business.

  • Work with all of your departments to document a list of all critical business processes.
  • Identify the MTO and required resources for each of those business processes.
  • Prioritize the recovery of business processes based on your results.

Make sure you stress that you aren’t trying to lessen the impacts if the business unit isn’t impacted by the calculated top threats, it just means they are better prepared than other business units.  As with all facets of BCP, this portion will take time!  If you don’t have the time, check out our services team as they do these all the time and can be of great assistance.  If you don’t have the budget for our services (or you want to learn the entire process), our SHIELD Gold and Platinum editions have a BIA on top of a TRA tool built right into them.

It's only fair to share...Email this to someoneShare on FacebookTweet about this on TwitterShare on LinkedInShare on StumbleUponDigg thisShare on Reddit
Scroll Up