Continuity Risk Assessment Scorecard


Document : Continuity Risk Assessment Scorecard

Author : BMC Software, Inc.

Version : 7.6.04

Customer: <Customer Organization Name>

Service: <Service Name, e.g. SAP>

Infrastructure: <Service Infrastructure Name, e.g. P51>

Damage Type: Financial Loss

The direct cost related to loss of sales, delayed product launches, spoiled goods, legal liabilities/litigation, and/or fraud.

Damage Level:

5 More than $10 million

4 Between $1 million and $10 million

3 Between $100 thousand and $1 million

2 Between $10 thousand and $100 thousand

1 Less than $10 thousand

Damage Type: Reduced Productivity

The waste of employee time (include the time of long-term contractors).

Damage Level:

5 More than 1,000 employee hours

4 Between 500 and 1,000 employee hours

3 Between 100 and 500 employee hours

2 Between 10 and 100 employee hours

1 Less than 10 employee hours

Damage Type: Loss of Control

Management no longer able to control key financial and/or safety risks.

Damage Level:

5 Management data delayed by more than 1 week

4 Management data delayed up to 1 week

3 Management data delayed up to 3 days

2 Management data delayed up to 1 day

1 Management data delayed less than 6 hours

Damage Type: Loss of Reputation

The loss of trust from customers, shareholders, government(s), and/or suppliers.

Damage Level:

5 Negative exposure by major media and/or possible major government sanctions

4 Negative exposure by minor media and/or possible minor government sanctions

3 Negative exposure by word of mouth and/or breach of regulations

2 Negative exposure by word of mouth and/or breach of internal policies

1 No publicity or violation of rules

Damage Type: Impaired Strategy

The delay of a merger, acquisition, company sale, reorganization, product development.

Damage Level:

5 Strategic initiative aborted

4 Strategic initiative delayed by 2 months or more

3 Strategic initiative delayed by less than 2 months, but by more than 2 weeks

2 Strategic initiative delayed by 2 weeks or less

1 Strategic initiatives not impacted

Duration of Service Outage    2 hours    6 hours    1 day    3 days    1 week    1 month

Total Damage Level            ____       ____       ____     ____      ____      ____

Continuity Risk Level         A          B          C        D         E         F

Result

Place a check in the first column where the total damage level is 10 or higher. Check box “F” if the highest total damage level is less than 10.

Please refer to the “Recommended Continuity Coverage” table for an explanation of the different continuity risk levels.

Creation date : November 29, 2004

Last edited : April 17, 2020

Copyright 2010 BMC Software, Inc. www.bmc.com


Scorecard Usage Guidelines

The Continuity Risk Assessment Scorecard should be used whenever a customer organization is considering the appropriate continuity coverage for a service infrastructure that it plans to use, or is already using. The service level manager will help the customer representative to fill out the scorecard.

When filling out the scorecard, the following five damage types are considered:

Financial Loss

Reduced Productivity

Loss of Control

Loss of Reputation

Impaired Strategy

For each type of damage, the damage level is then estimated for the following six outage durations:

2 hours

6 hours

1 day

3 days

1 week

1 month

Having estimated the damage level for each damage type at six outage durations, the scores can be added up in each column to determine the total damage level for each outage duration.

Knowing the total damage level for each outage duration, select the continuity risk level for the customer by placing a check in the first column (starting with the leftmost column) where the total damage level is 10 or higher. Check box “F” if all of the outage duration columns have a total damage level that is less than 10.

Knowing the customer’s continuity risk level for this service infrastructure, refer to the Recommended Continuity Coverage Table to help decide on the appropriate continuity coverage for the service infrastructure.
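The scoring procedure described above, as an added example that is not part of the BMC document. The function and variable names are assumptions, and the check that damage does not shrink as the outage gets longer is an added sanity check, not a rule from the scorecard.

```python
# Added illustration of the scorecard arithmetic; all names are hypothetical.
DURATIONS = ["2 hours", "6 hours", "1 day", "3 days", "1 week", "1 month"]
DAMAGE_TYPES = ["Financial Loss", "Reduced Productivity", "Loss of Control",
                "Loss of Reputation", "Impaired Strategy"]
RISK_LEVELS = "ABCDEF"  # one level per duration column, left to right
THRESHOLD = 10          # total damage level that selects a column


def assess(scores):
    """scores maps each damage type to six damage levels (1-5), one per duration.

    Returns (totals, risk_level, max_outage, warnings).
    """
    if set(scores) != set(DAMAGE_TYPES):
        raise ValueError("scores must cover exactly the five damage types")
    warnings = []
    for name in DAMAGE_TYPES:
        row = scores[name]
        if len(row) != len(DURATIONS):
            raise ValueError(f"{name}: expected {len(DURATIONS)} levels")
        if any(type(v) is not int or not 1 <= v <= 5 for v in row):
            raise ValueError(f"{name}: damage levels must be integers 1-5")
        # Assumption (not on the scorecard): damage should not shrink as the
        # outage gets longer, so a drop is flagged for the assessor to review.
        if any(later < earlier for earlier, later in zip(row, row[1:])):
            warnings.append(f"{name}: level drops at a longer outage duration")
    totals = [sum(scores[t][i] for t in DAMAGE_TYPES)
              for i in range(len(DURATIONS))]
    # First column from the left whose total is 10 or higher; otherwise "F".
    for i, total in enumerate(totals):
        if total >= THRESHOLD:
            return totals, RISK_LEVELS[i], DURATIONS[i], warnings
    return totals, "F", DURATIONS[-1], warnings


# Constructed sample estimates for one service infrastructure.
SAMPLE = {
    "Financial Loss":       [1, 2, 3, 4, 5, 5],
    "Reduced Productivity": [1, 2, 3, 4, 5, 5],
    "Loss of Control":      [1, 1, 2, 3, 4, 5],
    "Loss of Reputation":   [1, 1, 2, 3, 4, 5],
    "Impaired Strategy":    [1, 1, 1, 2, 3, 4],
}

if __name__ == "__main__":
    totals, level, max_outage, notes = assess(SAMPLE)
    print(dict(zip(DURATIONS, totals)))
    print(f"Continuity risk level {level}: outage of at most {max_outage}")
```
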


Recommended Continuity Coverage Table

Use this table as a guideline to help select the appropriate continuity solution for the service infrastructure after having determined the customer’s continuity risk level using the Continuity Risk Assessment Scorecard.

Continuity Risk Level: A

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 2 hours.

The service infrastructure needs to be spread over at least two separate sites in such a way that if one site is destroyed, the service will continue to be delivered from the other site(s) without interruption.

Continuity Risk Level: B

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 6 hours.

The continuity infrastructure must be kept up and running all the time at the continuity site. The backup data must already be restored on the continuity infrastructure to allow a full recovery to be performed with minimal manual intervention.

Continuity Risk Level: C

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 1 day.

The continuity infrastructure must be kept up and running all the time at the continuity site. The backup data must already be available at the continuity site so that a restore can be performed shortly after a service recovery is initiated.

Continuity Risk Level: D

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 3 days.

The components of the continuity infrastructure must be available at the continuity site so that they can be configured with a high priority shortly after a service recovery is initiated. The backup data can be kept at a secured offsite storage facility.

Continuity Risk Level: E

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 1 week.

The components of the continuity infrastructure must be available at the continuity site so that they can be configured with a low priority shortly after a service recovery is initiated. The backup data can be kept at a secured offsite storage facility.

Continuity Risk Level: F

Recommended Disaster Recovery Coverage: The maximum allowable outage duration in case of a disaster is no more than 1 month.

No continuity coverage is required for the service infrastructure.

Recovery of the service infrastructure can be performed on a best-effort basis.
