CHAPTER 7: IDENTIFYING THE ORGANISATION’S REQUIREMENTS

In BS25999 parlance, risk and impact assessment is referred to as ‘understanding the organisation’. Most people running organisations already understand them; what this part of the system is about is analysing the risks of disruption and the sensitivity, or vulnerability, of the organisation’s activities to those disruptions and interruptions.

If the organisation develops plans and spends money on contingencies for risks, or scenarios, that are actually less likely and would give rise to less impact than others, while ignoring risks that are more likely or give rise to greater impact, it is simply wasting money and leaving itself exposed.

At the same ...
