In many Disaster Recovery Plan (DRP) projects, IT is responsible for determining the value and criticality of all data, software, and hardware. Accurate assessments, however, cannot occur unless IT communicates with the business owners of those assets. In order to fully assess the risks to assets from a disaster, it is imperative to conduct a Risk and Business Impact Analysis (RBIA). This research note proposes an analysis of:
- Risks that the business faces outside of the technical arena. Outside influences may include equipment failure, fire, power outages, physical security breaches, floods, storms, civil unrest, terrorism, sabotage, and labor disputes.
- Risks with regard to technical aspects of the business. This includes penetration testing and vulnerability assessment.
- Dollar impact of disasters. Recovery is a business issue, so this exercise focuses on the business units of the enterprise. While technology is certainly involved, the bottom line is the cost associated with an interruption of service and the impact it has on the business.
A well-crafted RBIA provides justification for the expenditures necessary for developing a thorough DRP.