This page has been archived.
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
In order to make sound decisions regarding potential actions that will ensure business continuity, governance personnel must achieve a clear understanding of the department's exposure to risks and related business interruptions. Clearly defined risk attributes provide this required knowledge and can be acquired through analyzing the risks found in the previous step. A lack of understanding of the potential negative consequences of Year 2000 related risks may prevent departments from pro-actively dealing with potential crises and minimizing the impact on their programs and services.
Note: Risk analysis is based on the SEI "Analyze" process [CRM Guidebook, Chapter 5, Page 37].
Departments must convert the risk information, gathered in the "identify" step, into decision-making information. In addition to defining the risk attributes such as probability, impact, timeframe, source, response and priority, departments must relate the risk information to assets and functions.
This analysis will allow departments to clearly understand the potential impact of risk on business continuity and to take the appropriate management actions to address the risks.
This information will be obtained through the use of workshops with technical and functional personnel and various other techniques identified herein. The analysis phase will also complement the risk analysis with a the definition of the business continuity requirements and the assessment of the department's capability in the area of business continuity.
Figure 5 – Analyze Data Flow
The following data inputs are required:
Input
Data Input | Description |
---|---|
Risk Information Sheet(s) | Risk Information Sheets as defined in the "Identify" step including the risk statement and context. |
Function Prioritization and Asset Mapping Document | Contains the prioritized business functions using pre-defined criticality criteria and maps mission-critical business functions to assets. |
Business Continuity Artifacts | A list of business continuity artifacts such as existing business resumption plans and disaster recovery plans that should be used in support of the analysis function. |
Output/Deliverable
The deliverables for this task include:
Table 6 provides a summary of the techniques and tools used for this activity. Details of the techniques and tools can be found in the appendices or the referenced documents.
Activity | Techniques and Tools |
---|---|
Analyze |
|
Risk Assessment |
|
Business Continuity Statement of Requirements and Capability Assessment |
|
The following are guidelines and tips that can facilitate the performance of this activity: