This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
In order to initiate and feed the business continuity process with essential information, departments must identify those risks that may impact the achievements of the technical (compliance) and functional (business continuity) objectives. The absence of clear risk identification will lead to an unfocused business continuity process and the possible inability of departments to respond to crises.
Note: This risk identification activity is based on the
SEI
"Identify" process [CRM Guidebook,
Chapter 4, Page 27].
The objective of the risk identification step is to locate risks that may impact the ability of the department to convert their Year 2000 susceptible assets before they become problems and to ensure business continuity. The step includes the identification of risks through the use of a taxonomy questionnaire and the documentation of these risks in Risk Identification Sheets. That information will then be fed into the analysis phase where risk attributes will be defined and documented.
Figure 4 – Identify Data Flow
The following data inputs are required (shaded boxes is not included):
Input
Data Input | Description |
---|---|
Year 2000 Taxonomy | The Year 2000 taxonomy is the main tool used to support risk identification. It consists of a series of questions that highlight important aspects of a Year 2000 project. |
Prioritized Business Functions | A functional decomposition is primarily conducted to help identify risks by allowing participants to relate them to specific business functions (unless the risk is high level, affecting all aspects of the project). A prioritized list of business functions will assist in analyzing and ranking the risks or related business continuity activities. |
Asset Mapping | Asset mapping is essentially a list of assets (susceptible or not) that support a specific business function. The asset mapping will help the risk identification activity by allowing participants to relate risks to specific assets (unless the risk is high level, affecting all aspects of the project). |
Output/Deliverable
The deliverables for this task include:
Table 4 provides a summary of the techniques and tools used for this step. Details of the techniques and tools can be found in the appendices or in the referenced documents.
Activity | Techniques and Tools |
---|---|
Business Function Prioritization |
|
Asset Mapping |
|
Identify |
|
Identify Business Continuity Artifacts |
|
The following are guidelines and tips that can facilitate the performance of this step.