Risk Management is the process of defining risks for your business and formalizing a treatment.
Assessing the risks that may impact your business before an incident, and then developing a plan to either avoid such incidents or mitigate their effect, can make all the difference in the continuity of your business.  These steps will help with risk management:

  • Risk Assessment Methodology    

    Define how you are going to perform the risk assessment so that the whole organization does it the same way.  Defining the process will eliminate any problems for your business as a whole.

  • Risk Assessment Implementation

    Once you know the process, you can start by finding out which potential problems the business may face; list all the assets, then threats and vulnerabilities related to those assets, assess the impact and likelihood for each combination of assets/threats/vulnerabilities, and finally calculate the level of risk.

  • Risk Treatment Implementation

    Of course, not all risks are created equal.  It is best to focus on the most important ones, the ‘unacceptable risks’.  Options to mitigate unacceptable risks are:

    • apply security controls;
    • mitigate the risk, such as by purchasing insurance;
    • avoid the risk by stopping an activity that is too risky, or by doing it in a completely different fashion, such as implementing safety precautions.

    Costs for mitigating risks should be taken into account, as sometimes the cost is higher than the risk.  All factors need to be explored.

  • Risk Assessment Report

    Document the process and the outcomes.  Review the report every year, and remember to look at any changes that have occurred within your organization.

  • Statement of Applicability

    This document actually shows the security profile of your company – based on the results of the risk treatment you need to list all the controls you have implemented, why you have implemented them and how.

  • Risk Treatment Plan

    The purpose of the Risk Treatment Plan is to define exactly who is going to implement each control, in which timeframe, and what the budget is.  Make sure the whole organization is in agreement with the plan as it will take time, effort, and money to implement.

Creating a risk analysis for your business, and then determining whether to remove each risk or mitigate it to ensure a viable business, is the most important step at the beginning of a business continuity plan.

