Risk Assessment

Correctly performed, a risk assessment helps identify potential threats to the organisation along with the probability of their occurrence in a given time frame. This may well highlight threats which are hidden or unexpected and once highlighted business managers can take steps to mitigate those threats or prepare for the worst if threats are unavoidable.

The beauty of risk assessment is that many threats can be mitigated before they even occur through simple changes that may otherwise not have been obvious. It's usually easier to prevent disasters from occurring or take pre-emptive action to help cope with disasters should they occur than trying to pull things together unaided once a disaster has struck.

Although best performed with a professional, risk assessment is a fairly simple process. Below is one process that assigns a financial cost to each risk - this is useful for allocating budgets:

• Identify risks  - Brainstorm the threats your organisation faces - specifically IT threats if this is an IT risk assessment. Threats might include fire, theft, hardware failure etc.

• Calculate chance of occurrence  - How likely is it that the threat will occur in any one year? This is called the annualised rate of occurrence (ARO) and your IT or insurance company can help produce these figures.

• Calculate the cost if a risk occurs  - How much would it cost the business if the threat occurred? This is called the single loss expectancy (SLE) and must account for all lost earnings including tangible losses (such as lost hardware, lost earnings through downtime) and intangible losses (such as loss of customer confidence)

• Calculate the loss expectancy  - Using the previous two figures we can calculate the annual loss expectancy (ALE). This is the amount that we can reasonably expect a threat to cost the business each year if averaged out. ALE = SEL x ARO

Although an estimate, ALE can help you rationalise and quantify expenditure on areas such as IT security. If calculations show a threat has an ALE of £2K and mitigating that threat would cost £1K per year then taking preventative steps could save £1K per year.

Continuity systems

Geek-Guru work with clients to develop comprehensive continuity packages covering all aspects of their business. Although these systems are best used in combination the following will give an overview of the possibilities for disaster recovery.

E-mail continuity

Most of our clients use Exchange e-mail server for their business e-mail but what happens if the server is lost, stolen or otherwise inaccessible. Many business would struggle without their e-mail which is why we offer e-mail continuity solutions to provide an instantly accessible backup system should yours fail.

In the event of a server going down or loss of connectivity, your e-mail can be accessed from anywhere in the world via a simple webmail interface.

Phone continuity

Geek-Guru offer a full hosted phone system (PBX) meaning your calls can be routed to any phone in the world (BT, Mobile, VoIP etc) at the click of a button.

In the event of an office becoming inaccessible for any reason your calls can be routed to a single or multiple destinations via a simple web interface.

Couple this with a number of VoIP phones and you have a complete backup phone system ready to roll-out in seconds to any location worldwide.

Server continuity

Servers form the backbone of most organisations IT. From e-mail to file stores, databases to security; the loss of a server can mean significant downtime.

Although not a cheap option it's possible to mirror servers so the loss of one will not result in any downtime for the business. For even greater continuity the mirrored server can be located offsite, in a data centre, meaning your business could be picked up and relocated anywhere in the world without any loss of server access.

Full office continuity

Although generally the preserve of large organisations hot-sites and warm-sites are becoming increasingly popular with mid sized enterprises.

These are alternative offices pre-configured with internet and phone access that business can utlilise in the event of a loss of their primary business premises.

As with all aspects of BCP, these technologies are not intended for use once the problem has already occurred. They take time to set up and configure so planning and preparation are the key.

For more information or to discuss any of the issues raised in these newsletters please get in touch and we'll be happy to help.

Cloud computing and BCP

Cloud computing offers numerous options for disaster recovery. (If you are unsure about the term cloud computing please see Aprils newsletter)

Cloud computing removes the need to host your servers in a single location and as such spreads the risk from physical disasters such as flooding or fire.

Hosting alternate, redundant,  systems in the cloud provides fall-back for all but the most serious of disasters.

Geek-Guru can help design, implement and support cloud based systems to form part of your BCP plan.

For more info please e-mail us or call the office on 0845 234 0580