
Conducting a Business Continuity Risk Assessment

The risk assessment focuses on the risks associated with a resource, and then links these risks to the activities that use that resource. This allows a risk to be raised once against a single resource and still map onto all of the activities that use it, which reduces repetition of information.

Multiple risk assessments can be created and managed within Abriska. To allow groups of resources to be included within risk assessments, the concept of an “Entity” is used. An “Entity” is a risk assessment conducted against one or more groups of assets. For example, this could be all resources from a single site, all resources which are used by a specific activity, or just all resources that are part of a single contact. To view the organisation's risk assessments, click on “Entities” from the organisation homepage. To modify the name or description, or to assign this entity to a contact, click on the entity name and then click “Setup Entity”.

Entity Risk Assessment Flow

Abriska guides users through an organisation-defined workflow that meets the requirements of BS 25999. The default workflow is shown below.

The number of links available on the sidebar increases depending on the work stage.

Identify Resources

Resources need to be allocated to each entity to perform a risk assessment. Resources can be allocated to more than one entity, which allows central resources to be included across the organisation's risk assessments. To select resources for an entity, click the entity name and then click “View Resources”. All available resources will be displayed, with a filter that allows them to be filtered by division. Select those that need to be included within this risk assessment by clicking the checkbox next to each resource name.

If resources are added after the risk assessment has been started, Abriska will require that each threat related to the newly added resources is reviewed.