IT Service Continuity Management

Risk Assessment

Unless you know what the real risks facing your IT infrastructure are, it is impossible to set up a prevention and recovery policy that will be at all effective in the event of a disaster.

IT Service Continuity Management must enumerate and assess the various risk factors according to their probability and impact. To do so, ITSCM must:

• Have an in-depth knowledge of the IT infrastructure and the configuration items (CIs) involved in providing each service, particularly critical and strategic IT services.
• Analyse possible threats and estimate their probability.
• Detect the most vulnerable points of the IT infrastructure.

The results of this detailed analysis will provide sufficient information with which to put forward various different prevention and recovery measures suited to the real needs of the business.

Prevention of generic, highly unlikely risks may be very expensive and not always justified. However, preventive or recovery measures designed to tackle specific risks may be simple, quick to implement and relatively cheap.

For example, if power cuts are frequent where the organisation is based, it might opt to relocate certain IT services via ISPs with redundant power systems or invest in an uninterruptible power supply (UPS) to run the CIs on which the most critical service depend, etc.