Checklist ITSCM Risk Analysis

From IT Process Wiki

Checklist ITSCM Risk Analysis - Template ITSCM Risk Analysis
Checklist ITSCM Risk Analysis - Template ITSCM Risk Analysis


 

ITIL Process: ITIL Service Design - IT Service Continuity Management

Checklist Category: ITIL Templates - IT Service Continuity Management

Source: Checklist "ITSCM Risk Analysis" from the ITIL Process Map V2  | ⯈  ITIL Process Map V3

 

The risk analysis within IT Service Continuity Management collects the following data in order to assess the risks in the event of disasters:

  • Critical business processes
    • Name
    • Purpose and objectives of the process
    • Classification of the processes into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical business data
    • Name
    • Type of information and usage of the data
    • Classification of the data into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT Services
    • Name
    • Dependencies of the critical business processes and data upon the IT Service (relationships between processes/ data and IT Services)
    • Classification of the IT Service into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT infrastructure components
    • Name
    • Dependencies of the critical IT Services upon the IT infrastructure components (relationships between IT Services and IT infrastructure components)
    • Classification of the IT infrastructure components into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Threat analysis
    • For all critical infrastructure components:
      • Which threats/ disaster scenarios are imaginable?
      • Which consequences does the occurrence of a scenario carry?
      • Which level of damage would be expected?
      • How likely is the occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Analysis of vulnerabilities
    • For all critical infrastructure components:
      • Which vulnerabilities, impairing the critical infrastructure components in the event of a disaster, are imaginable?
      • Which consequences would a failure carry?
      • Which level of damage would be expected?
      • How great is the probability of occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Priorised list of the risks (risk = occurrence probability x level of damage)
    • Type of risk
    • Based on which threat or vulnerability
    • Risk classification, e.g. „Negligible“, „Marginal risk, temporarily tolerable“, „Increased, still temporarily tolerable risk“, „High risk, not tolerable without precautionary measures“, „Extreme risk, to be ruled out by all means“

 

By:  Stefan Kempter , IT Process Maps.