Business Risk Assessment
Risk assessment is fundamental to developing a realistic, reliable business continuity plan. Companies that proactively consider which events are most likely to occur are able to focus disaster response planning efforts where they will yield the best return on investment – and remain better positioned to recover from a disaster.
Always base response and recovery strategies on an understanding of the threats your company faces, as well as their potential impact on business operations.
The Most Common Threats
The following list contains some common threats that may leave critical business resources and operations vulnerable.
- Natural disasters such as tornadoes, hurricanes, earthquakes, floods, lightning strikes and wildfires.
- Manmade or technological events like fires and explosions, industrial accidents, chemical/hazardous material spills, communications and utility outages, system disruptions and transportation accidents.
- Malicious attacks including terrorism, bomb threats, vandalism, threats to reputation (off- or online), protests, civil unrest/riots, robbery and armed intruders.
- Cyber attacks such as denial of service attacks, computer viruses, worms, Trojan horses, cyberwarfare and cyberterrorism.
- Loss of workforce events such as long-term disability or illness, epidemic (e.g., flu, virus outbreaks), fatalities and worker strike.
- Supply chain disruptions, which can include counterfeit parts, regulatory requirement violations and transportation disruptions.
- Human error, such as poor training, poor maintenance, carelessness, misconduct, substance abuse, fatigue and counterfeit parts.
Assessing Risk
When determining what the biggest risks are to your businesses, consider the following:
- Historical – What has happened in your community, to your facility or neighborhood before?
- Geographic – What is your proximity to flood plains, major airports, etc.?
- Physical – What is it about the design or construction of your facility/office that might make your business particularly susceptible to a certain event?
- Organizational – What is it about your employee, operational or technological infrastructure that might make your business particularly susceptible to a certain event?
- Regulatory – Is your business/industry required or mandated to prepare for any hazards?