You Can't Take Effective Action Until You
When an organization understands the risks facing its day-to-day operations it can act in two ways. First it can take actions to reduce or eliminate those risks (Enterprise Risk Management) or it can develop plans to respond and recover if the risk ever occurs (Business Continuity and Disaster Recovery Planning). Without understanding its risks, an organization can do neither.
Toolkit's Risk Assessment capability helps identify the vulnerabilities of an organization to any perceived or potential threat and defining the controls to reduce exposure.
Toolkit helps you perform Risk Assessments on your organization's critical assets:
- Business Processes
- IT Systems
- Supply Chain
Toolkit uses a Risk Assessment methodology based on NIST 800-30 recommendations. Each assessment begins by identifying the threats (natural, climatic, man-made, reputational, technological, etc.) and assessing whether the asset has a vulnerability to any of those threats. Once those threats, or risks, are identified, Toolkit enables you to quantify the likelihood of it occurring, the impact to the organization if it did occur, and any mitigation efforts that have been or will be undertaken to reduce the likelihood or impact.
In addition to identifying those factors, it is also important to determine the priority with which a risk needs to be managed based on the impact it may cause, the likelihood of its occurrence and the potential mitigation of each risk. Toolkit enables BCM administrators to view cumulative risk assessment factors at the enterprise level, to monitor the progress of mitigation efforts and to gain a clear understanding of risks facing the organization's overall operations.
Customize Toolkit to the Needs of Your Organization
Each Risk Assessment component (threats, vulnerabilities, impacts, etc.) is customizable. Your organization can focus on only certain risks, or can develop a comprehensive list of threats. Each factor can be easily customized for each type of asset - because threats to IT components are likely to be quite different than threats to facilities or business processes.
You have complete control over the breadth and content of your own Risk Assessments. And you have complete freedom to decide on which assets you'll perform risk assessments.
Toolkit's Risk Assessment is comprehensive, flexible and fully integrated into Toolkit. Full integration means all data for all components of the eBRP Suite are pulled from the same relational database. All functions of the BCM lifecycle are speaking to each other using the same data in real time.