Through Business Impact Analysis and the identification of critical business process recovery strategies, areas that could benefit from risk mitigation may become visible to management and instigate proactive changes. If the level of risk is deemed unacceptable after completion of the business impact analysis, additional recovery options or strategies may need to be developed.
The process of risk mitigation for the core business processes may be effective, fiscally wise, and limit down time due to unforeseen circumstances. By establishing procedures that would decrease risk and increase recovery time, companies can potentially limit their losses.
Risk Mitigation measure to consider:
- Risk Mitigation Measures include arrangements, procedures, and assets that can directly minimize the impact or likelihood of the threat, or simplify or automate recovery requirements.
- Examples include; purchasing backup generator, routine data backups, develop response procedures, exercise emergency plans, etc.
- Identify Cost of Mitigation Measures: Estimate the cost for implementation of mitigation measures specific to each process.
- Update the Recovery Point Objective: Assuming that the mitigation measures identified in the Risk Mitigation Measures are fully implemented. Is data recovery still required? If so, how soon should it be recovered (i.e. last weekly backup, last monthly backup, etc.)?
- Update the Impact Level: Assuming that the mitigation measures identified are fully implemented.
- Update the Likelihood Level: Assuming that the mitigation measures identified are fully implemented.
- Update the Recovery Time: Assuming that the mitigation measures identified are fully implemented. Is recovery of this process still required within the specified time frame? How soon should it be recovered?
For tips and best practices on designing a crisis management program, download Tips for Effective Exercises.