Risk Reduction

The requirements analysis (completed within Stage 2 of the business continuity management process) will have identified those issues that need to be addressed through risk reduction rather than recovery. These may include:

 

  • Cross-training for critical or specialist operations

 

  • Changes to business practices to remove or reduce the number of points of failure

 

  • Documentation of critical functions

 

  • Splitting business processes over more than one site

 

  • Installation of UPS (Uninterruptible Power Supply) and potentially back-up power for computer systems to reduce vulnerability to power failure

 

  • Implementation of a more robust backup strategy and tape management system.

 

  • Providing offsite storage of backup media, either within the organisation or with a third party

 

  • Fault-tolerant and/or high-availability systems for critical applications where even minimal downtime is unacceptable. For example, a banking system

 

  • RAID arrays (Redundant Array of Independent Discs) and disk mirroring for LAN (Local Area Network) servers to guard against data loss and to ensure continued availability of data

 

  • Holding spares to be used in the event of equipment or component failure. For example, having a spare LAN server already configured and available to replace a faulty server within a minimum timescale

 

© Crown copyright2008