INTRODUCTION
This paper provides a resource kit which will help business continuity planners with their risk and hazard assessment processes and their business impact analysis. For those working with the NFPA 1600 business continuity standard it will help ensure compliance with the requirement that:
"The entity shall identify hazards, the likelihood of their occurrence, and the vulnerability of people, property, the environment, and the entity itself to those hazards" (Ref 3-3 of The Standard on Emergency/Disaster Management and Business Continuity Programs - NFPA 1600); and
"A continuity of operations plan shall identify the critical and time-sensitive applications, processes, and functions to be recovered and continued, as well as the personnel and procedures necessary to do so, such as business impact analysis, and business continuity management" (Ref 3-6 of The Standard on Emergency/Disaster Management and Business Continuity Programs - NFPA 1600)
The paper offers a Problem Definition framework, which includes:
* Mapping the context - of the entity, hazards and existing capabilities.
* Identifying and researching features of hazards to which the entity may be exposed.
* Generating scenarios by identifying what, why, where, when and how events could effect the entity.
* Considering and analysing the range of potential consequences and how likely those consequences are to occur in the context of existing capabilities.
* Comparing estimated levels of risk against predetermined assessment criteria - this enables judgments to be made about management priorities.
The paper also leads readers through the Business Impact Analysis process, applying the following steps:
1. Develop an entity profile.
2. Identify and profile hazards.
3. Establish risk assessment criteria.
4. Create and apply impact scenarios.
5. Compare and prioritise risks.
Author: John Salter, Director, EPCB, epcb@emergencyriskmanagement.com
www.emergencyriskmanagement.com
No comments:
Post a Comment