Checklist ITSCM Risk Analysis

From IT Process Wiki
Jump to: navigation, search

Checklist ITSCM Risk Analysis - Template ITSCM Risk Analysis


 

ITIL Process: ITIL Service Design - IT Service Continuity Management

Checklist Category: ITIL Templates - IT Service Continuity Management

Source: Checklist "ITSCM Risk Analysis" from the ITIL Process Map V2

 

The risk analysis within IT Service Continuity Management collects the following data in order to assess the risks in the event of disasters:

  • Critical business processes
    • Name
    • Purpose and objectives of the process
    • Classification of the processes into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical business data
    • Name
    • Type of information and usage of the data
    • Classification of the data into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT Services
    • Name
    • Dependencies of the critical business processes and data upon the IT Service (relationships between processes/ data and IT Services)
    • Classification of the IT Service into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT infrastructure components
    • Name
    • Dependencies of the critical IT Services upon the IT infrastructure components (relationships between IT Services and IT infrastructure components)
    • Classification of the IT infrastructure components into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Threat analysis
    • For all critical infrastructure components:
      • Which threats/ disaster scenarios are imaginable?
      • Which consequences does the occurrence of a scenario carry?
      • Which level of damage would be expected?
      • How likely is the occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Analysis of vulnerabilities
    • For all critical infrastructure components:
      • Which vulnerabilities, impairing the critical infrastructure components in the event of a disaster, are imaginable?
      • Which consequences would a failure carry?
      • Which level of damage would be expected?
      • How great is the probability of occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Priorised list of the risks (risk = occurrence probability x level of damage)
    • Type of risk
    • Based on which threat or vulnerability
    • Risk classification, e.g. „Negligible“, „Marginal risk, temporarily tolerable“, „Increased, still temporarily tolerable risk“, „High risk, not tolerable without precautionary measures“, „Extreme risk, to be ruled out by all means“