Present Blog-IT thought leadership in Canada

How to evaluate your risk in the event of a disaster in 22 questions

Written by Benoit Mercier | Jun 20, 2017 12:00:00 PM

Most companies take measures to protect their IT data, and with good reason. However, the increasingly critical role of IT in business models tends to increase the vulnerability of enterprises to disasters.

To help you evaluate your company’s risk level in the event of a disaster, we have drawn up a questionnaire that addresses four areas related to IT security. This short survey will give you a better idea of the consequences of a disaster for your operations, business, human resources, and supply chain.

Answer the following questions and determine your risk level!

 

Operations

Most of a company’s current operations depend on the IT infrastructure. It is therefore necessary to know the components essential to the proper functioning of the company.

 

1. Can you identify your company’s services that depend the most on IT to be functional?

2. How often is your data backed up?

3. Has the backup been tested recently?

4. How much time does it take to reinstall a server?

5. Do you know how much time it would take to resume normal operations after a disaster?

6. Is the interdependence between your different systems documented?

7. Can you identify the applications, databases, and other information required to operate normally?

 

Business

A disaster can have dire consequences on a business level. Being without important data or having to interrupt operations can lead to a loss of sales and market share, as well as a loss of credibility.

 

8. Can you estimate the financial losses that could result from an IT disaster?

9. Can your company undergo a service outage without affecting your reputation or losing credibility?

10. Is your confidential information well protected in order to prevent any form of litigation?

11. Have you come up with a crisis management plan (public relations, sales losses, guarantee funds) in case of data loss or a service outage?

12. Do you know the financial value (income/hour) attributable to your IT infrastructure’s efficiency?

 

Human resources

Staff play a crucial role during an IT system outage. When the systems are not working, you should be able to rely on a qualified IT team as well as on employees who can react quickly and adequately in all departments.

 

13. Are your IT employees confident in the reliability of your IT infrastructure?

14. Are your IT employees trained to react efficiently in case of disaster?

15. Do you know how many IT employees are necessary to ensure recovery in case of disaster?

16. Can your users continue working without access to their applications? Do you know the average cost per hour of those who deliver the services essential to the company’s operations?

 

Suppliers and partners

In order to function properly, many companies rely on various supply chains. Whether it be parts, raw materials, partners, or equipment, your supply system most probably depends on IT.

 

17. Do you know your level of dependence on your suppliers and business partners?

18. Can your company function in spite of extra lead time?

19. Do your partners protect your confidential information well (i.e. orders and bills)?

20. Do your partners have a disaster recovery plan?

21. How much time would it take them to resume their operations after a disaster?

22. Do your distributors know your expectations in case of an IT disaster?

 

 

What is your risk level in case of disaster?

 

If you answered “No” or “I don’t know” to several of these questions, your company’s IT infrastructure may be at risk. In this case, an impact analysis may help you better identify your needs and priorities regarding IT security.

 

An impact analysis is a rigorous task whose main objective is to establish a hierarchy of your IT availability needs. By conducting an impact analysis, you will be able to determine your recovery point objectives (RPO) and recovery time objectives (RTO).

 

This exercise allows you to view your IT environment in a pyramidal form (from the full backup of data to the full protection of the most critical applications) and set up a recovery plan adapted to each type of potential disaster.