Part 1: Mitigation Strategies v2

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).

Part 1: Mitigation Strategies

Threat (Col 2)

The name of each threat identified in List of Threats in the RAR questionnaire. BCM Coordinators are to ensure that all the relevant threats of the high-risk level that have been highlighted in the RAR phase are represented here under the threat column.

Existing Controls (Col 3)

  • Controls are instruments or practices that are used to manage risk. All controls fall within one of the 4 treatment options and serve as an elaboration of the existing risk treatments. Existing Controls were defined in the RAR phase and should be exactly the same as the ones there for each threat.
  • Existing Controls are "Controls" that are already implemented within your organization to manage the identified risk. For example, if fire is the threat, existing controls could include fire extinguishers, fire wardens, and an evacuation plan.

Risk Rating (Col 4)

  • Risk Rating is the result of multiplying the assigned value for Risk Likelihood by the assigned value of the Highest Risk Impact.
  • The result is the Risk Rating of an individual threat. Risk Rating was established in the RAR phase and should be exactly the same for each threat here.

Risk Level (Col 5)

Risk Level is the overall level of assessed risk for an individual threat to the organization. Risk level was established in the RAR phase and should be exactly the same for each threat here.

Risk Treatment (Residual Risk) (Col 6)

  • Risk Treatment (Residual Risk) refers to the additional mitigating measures that the organization will add on top of existing controls to handle recognized threats, in order to reduce the threats to as minimal a risk as possible.
  • 4 risk treatments are available to address the majority of the risks posed by threats.

Additional Mitigation Strategies (Col 7)

Additional Mitigation Strategies are additional measures, in line with the Risk Treatment, added on top of existing controls and measures.

Justification for Additional Mitigation Strategies (Col 8)

Why is this strategy chosen? Why are these additional measures in place? What purpose do they serve in minimizing the occurrence or impact of the threat?