Assess the Risks

Risk, in this case, is defined as the sumof probability of occurrence plus the impact on your business. Impact is determined by analyzing the effect on your revenues, customers, employees and property.

One simple way to assess risk is to create a scale of 1 (lowest) to 10 (highest). For each potential threat, use the scale for both probability and impact.

For instance, the probability in your area for a flood might be low (2) while a computer hacker attack may be high (8).

The impact of a flood might be medium (5) while the impact of a hacker attacked may be very high (10).

In this example, the flood risk is 7 (2 + 5) and the hacker risk is 18 (8 + 10). The priorities of the BCP should be focused on those threats with the highest total.

You will need to determine the best way to assess the risks associated with your specific business, seeking professional advice if necessary.