Checklist ITSCM Risk Analysis
<seo metakeywords="risk analysis itscm, itscm risk analysis, risk analysis checklist" metadescription="The risk analysis within IT Service Continuity Management (ITSCM) collects the following data in order to assess the risks in the event of disasters: ..." />
ITIL Process: ITIL V2 Service Delivery - IT Service Continuity Management
Checklist Category: Checklists for IT Service Continuity Management
Source: Checklist "ITSCM Risk Analysis" from the ITIL Process Map V2
The risk analysis within IT Service Continuity Management collects the following data in order to assess the risks in the event of disasters:
- Critical business processes
- Name
- Purpose and objectives of the process
- Classification of the processes into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
- Critical business data
- Name
- Type of information and usage of the data
- Classification of the data into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
- Critical IT Services
- Name
- Dependencies of the critical business processes and data upon the IT Service (relationships between processes/ data and IT Services)
- Classification of the IT Service into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
- Critical IT infrastructure components
- Name
- Dependencies of the critical IT Services upon the IT infrastructure components (relationships between IT Services and IT infrastructure components)
- Classification of the IT infrastructure components into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
- Threat analysis
- For all critical infrastructure components:
- Which threats/ disaster scenarios are imaginable?
- Which consequences does the occurrence of a scenario carry?
- Which level of damage would be expected?
- How likely is the occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
- For all critical infrastructure components:
- Analysis of vulnerabilities
- For all critical infrastructure components:
- Which vulnerabilities, impairing the critical infrastructure components in the event of a disaster, are imaginable?
- Which consequences would a failure carry?
- Which level of damage would be expected?
- How great is the probability of occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
- For all critical infrastructure components:
- Priorised list of the risks (risk = occurrence probability x level of damage)
- Type of risk
- Based on which threat or vulnerability
- Risk classification, e.g. „Negligible“, „Marginal risk, temporarily tolerable“, „Increased, still temporarily tolerable risk“, „High risk, not tolerable without precautionary measures“, „Extreme risk, to be ruled out by all means“