Checklist ITSCM Risk Analysis

From IT Process Wiki
Revision as of 19:47, 26 July 2011 by Andrea (talk | contribs)

<seo metakeywords="risk analysis itscm, itscm risk analysis, risk analysis checklist" metadescription="The risk analysis within IT Service Continuity Management (ITSCM) collects the following data in order to assess the risks in the event of disasters: ..." />

Checklist ITSCM Risk Analysis - Template ITSCM Risk Analysis
Checklist ITSCM Risk Analysis - Template ITSCM Risk Analysis


ITIL Process: ITIL V2 Service Delivery - IT Service Continuity Management

Checklist Category: Checklists for IT Service Continuity Management

Source: Checklist "ITSCM Risk Analysis" from the ITIL Process Map V2


The risk analysis within IT Service Continuity Management collects the following data in order to assess the risks in the event of disasters:

  • Critical business processes
    • Name
    • Purpose and objectives of the process
    • Classification of the processes into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical business data
    • Name
    • Type of information and usage of the data
    • Classification of the data into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT Services
    • Name
    • Dependencies of the critical business processes and data upon the IT Service (relationships between processes/ data and IT Services)
    • Classification of the IT Service into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Critical IT infrastructure components
    • Name
    • Dependencies of the critical IT Services upon the IT infrastructure components (relationships between IT Services and IT infrastructure components)
    • Classification of the IT infrastructure components into criticality categories (e.g. „Marginal“, „Normal“, „Critical“, „Highly Critical“)
  • Threat analysis
    • For all critical infrastructure components:
      • Which threats/ disaster scenarios are imaginable?
      • Which consequences does the occurrence of a scenario carry?
      • Which level of damage would be expected?
      • How likely is the occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Analysis of vulnerabilities
    • For all critical infrastructure components:
      • Which vulnerabilities, impairing the critical infrastructure components in the event of a disaster, are imaginable?
      • Which consequences would a failure carry?
      • Which level of damage would be expected?
      • How great is the probability of occurrence? (e.g. „Highly Improbable“, „Improbable“, „Relatively Improbable“, „Rather Improbable“, „Highly Probable“
  • Priorised list of the risks (risk = occurrence probability x level of damage)
    • Type of risk
    • Based on which threat or vulnerability
    • Risk classification, e.g. „Negligible“, „Marginal risk, temporarily tolerable“, „Increased, still temporarily tolerable risk“, „High risk, not tolerable without precautionary measures“, „Extreme risk, to be ruled out by all means“