Identifying Risks
Identifying risks is a three-step process. First is to identify the risk. Second is to rate the risk. Third is to develop a constructive and practical action plan to tackle the risks. It is advisable to follow the traditional method of identifying the risk periodically, maybe, every month or quarter.
Risk Rating
1. Use a Risk assessment card to identify risks and rate each one.
2. Develop a constructive and practical plan.
According to the assessment done, for example, if a fire is considered a primary threat, the company should draft a fire preparation programme. This will involve:
• Study and promote understanding what could happen
• Involve everyone in understanding the risks the company faces in fires and their after-effects.
• Improve all systems to resist fire and prepare for protection measures.
• Encourage use of fire-safe policies and planning.
• Keep the plan ready for fires – where would the business operate from, is the data backed up off site, how soon can alternative hardware be sources, how quickly can the online data backup be put on the new hardware, would staff know what was happening, etc.
A disaster recovery plan should be prepared based on hard facts and not assumptions or opinions.
