Disaster Planning Risk Assessment


The Standard for Disaster Recovery and Business Continuity

Order Disaster PlanDisaster Plan TemplateDisaster Plan Customers


A major part of the disaster recovery planning process is the assessment of the potential risks to the organization which could result in the disasters or emergency situations themselves. It is necessary to consider all the possible incident types, as well as and the impact each may have on the organization's ability to continue to deliver its normal business services.

Risk Score

This can be complex and demanding. To assist in this risk assessment process Janco has provided a number of tools. the Exhibit on the right is one such example.

There are many potential disruptive events and the impact and probability level must beassessed to give a sound basis for progress. To assist with this process the following list of potential events has been produced:

Types of Disaster

Environmental Disasters

  • Tornado
  • Hurricane
  • Power Grid Failure
  • Flood
  • Snowstorm
  • Ice Storms
  • Earthquake
  • Electrical storms
  • Brush Fire
  • Forest Fire
  • Structure Fire
  • Sink Holes
  • Landslides

Man Made Disruptions

  • Terrorist Attack
  • Sabotage
  • War
  • Theft
  • Arson
  • Labor Disputes

Equipment or System Failure

  • Internal power failure
  • Air conditioning failure
  • Cooling plant failure
  • Equipment failure

IT Failures and Security Breaches

  • Cyber crime
  • Loss of records or data
  • Disclosure of sensitive information
  • IT system failure

The Disaster Recovery / Business Continuity Template includes a threat and vulnerability assessment tool to aid you in classifying the risks enterprises face.

 

    Order Disaster Plan      Disaster Plan Sample

 

 

 

 

 

Disaster Recovery / Business Continuity Risk Assessment News



ISO 17799 - disaster recovery - business continuity defined

SO 17799 is often used as a generic term to describe what are actually two different documents: ISO17799 (also ISO 27002), which is a set of security controls (a code of practice), and ISO 27001 (formerly BS7799-2), which is a standard 'specification' for an Information Security Management System (an ISMS).

DRP Security Template  DRP BCP Audit

ISO 17799 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:

  • security policy;
  • organization of information security; 
  • asset management;
  • human resources security;
  • physical and environmental security;
  • communications and operations management;
  • access control;
  • information systems acquisition, development and maintenance;
  • information security incident management;
  • business continuity management;
  • compliance.

The control objectives and controls in ISO/IEC 17799 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities

- more info


Disaster Planning is Complex

An increasing number of professionals know that small-scale emergencies can be contained if staff members are prepared to react quickly. Damage can be limited even in the face of a large-scale disaster. For example, cultural institutions in Charleston, South Carolina, formed a consortium that focused on disaster preparedness several years before they were hit by a hurricane. Many of those institutions sustained only minor damage because they were able to put their early warning procedures into operation.

Disaster planning is complex; the written plan is the result of a wide range of preliminary activities. The entire process is most efficient if it is formally assigned to one person who acts as the disaster planner for the institution and is perhaps assisted by a planning team or committee. The enterprise's director may play this primary role or may delegate the responsibility, but it is important to remember that the process must be supported at the highest level of the organization if it is to be effective. The planner should establish a timetable for the project and should define the scope and goals of the plan, which will depend largely on the risks faced by the enterprise.

- more info


Disaster recovery business continuity team leader tasks

The tasks that the leader of a disaster recovery business continuity project needs to complete are:

  •  Establish BC program lifecycle processes within your organization
  • Assess business and technology requirements for a BC plan
  • Evaluate business continuity risks to your organization
  • Identify and select cost-effective BC recovery strategies
  • Organize an effective BC team
  • Develop a BC plan document
  • Coordinate BC plan with external entities
  • Develop an effective test plan for testing the BC plan
  • Organize and conduct successful BC plan tests
  • Establish a process for maintaining the BC plan
  • Implement a BC plan change management process
  • Understand the main differences between a disaster recovery plan, emergency response plan, crisis management plan, and business continuity plan
- more info


Business continuity after a terroist attack or a pandemic

Most aspects of business continuity and disaster recovery planning apply to terrorist attacks and pandemics just as much as to fires, hurricanes, floods, earthquakes, and other natural and manmade disasters.  Business Continuity However, there are a number of areas that need to be re-visited because of the uniqueness of these types of interruptions. 

  • Communication - While communication is important in any disaster recovery scenario, it is particularly critical in the event of a terrorist attack or a pandemic. Employees and their families may be personally threatened, and they may be exposed to rumors and panics, it is particularly important that they receive accurate, up-to-date information on safety and health issues. Employees also need detailed information on company policies and procedures for working in the new environment, and open communication channels to company officials to help resolve personal and work-related issues in high-stress situations.
  • Security and Connectivity - Enterprises must plan to provide secure and reliable access to corporate networks for employees who work in their homes, hotels, or other remote locations. Administrators must have a plan for distributing software to remote computers, ensuring security on computers outside of the corporate firewall, and providing backup and data encryption capabilities to mitigate the risk of mobile devices with sensitive data being lost or stolen.
  • Collaboration and Re-Engineered Processes - Planners and developers must re-engineer business processes so they can continue without face-to-face interaction between employees.

 

- more info


Business continutiy defined

Disaster Recovery Plan Template
In the simplest of terms, it is good business for a company to secure its assets. CIO under the direction of CEOs and enterprise shareholders must be prepared to budget for and secure the necessary resources to support business continuity.

It is necessary that an appropriate administrative structure be created to effectively deal with crisis management. This will ensure that all concerned understand who makes decisions, how the decisions are implemented, and what the roles and responsibilities of participants are. Personnel used for crisis management should be assigned to perform these roles as part of their normal duties and not be expected to perform them on a voluntary basis. Regardless of the organization - for profit, not for profit, faith-based, non-governmental - its leadership has a duty to stakeholders to plan for its survival.

OrderDownload Table of Contents

With the explosion of technology into every facet of the day-to-day business environment there is a need to define an effective infrastructure to support operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.

The template comes as both a WORD document utilizing a CSS style sheet that is easily modifiable. 

- more info