Document : Continuity Risk Assessment Scorecard
Author : BMC Software, Inc.
Version : 7.6.04
Damage Type
Financial Loss
The direct cost related to loss of sales, delayed product launches, spoiled goods, legal liabilities/litigation, and/or fraud.
Reduced Productivity
The waste of employee time
(include the time of long-term contractors).
Loss of Control
Management no longer able to control key financial and/or safety risks.
Loss of Reputation
The loss of trust from customers, shareholders, government(s), and/or suppliers.
Impaired Strategy
The delay of a merger, acquisition, company sale, reorganization, product development.
Result
Place a check in the first column where the total damage level is 10 or higher. Check box
“F” if the highest total damage level is less than 10.
Damage Level
5 More than $10 million
4 Between $1 million and $10 million
3 Between $100 thousand and $1 million
2 Between $10 thousand and $100 thousand
1 Less than $10 thousand
5 More than 1,000 employee hours
4 Between 500 and 1,000 employee hours
3 Between 100 and 500 employee hours
2 Between 10 and 100 employee hours
1 Less than 10 employee hours
5 Management data delayed by more than 1 week
4 Management data delayed up to 1 week
3 Management data delayed up to 3 days
2 Management data delayed up to 1 day
1 Management data delayed less than 6 hours
5 Negative exposure by major media and/or possible major government sanctions
4 Negative exposure by minor media and/or possible minor government sanctions
3 Negative exposure by word of mouth and/or breach of regulations
2 Negative exposure by word of mouth and/or breach of internal policies
1 No publicity or violation of rules
5 Strategic initiative aborted
4 Strategic initiative delayed by 2 months or more
3 Strategic initiative delayed by less than 2 months, but by more than 2 weeks
2 Strategic initiative delayed by 2 weeks or less
1 Strategic initiatives not impacted
Total Damage Level
Continuity Risk Level
Please refer to the “Recommended Continuity Coverage” table for an explanation of the different continuity risk levels.
Creation date : November 29, 2004
Last edited : April 17, 2020
Page : 1 of 2
2 hours























6 hours










1 day










3 days










1 week






























   
   
























1 month

























----------------- +
----------
A



----------------- +
----------
B



----------------- +
----------
C



----------------- +
----------
D



----------------- +
----------
E



----------------- +
----------
F


Copyright 2010 BMC Software, Inc. www.bmc.com

Document : Continuity Risk Assessment Scorecard
Author : BMC Software, Inc.
Version : 7.6.04
The Continuity Risk Assessment Scorecard should be used whenever a customer organization is considering the appropriate continuity coverage for a service infrastructure that it plans to use, or is already using. The service level manager will help the customer representative to fill out the scorecard.
When filling out the scorecard, the following five damage types are considered:

Financial Loss

Reduced Productivity

Loss of Control

Loss of Reputation

Impaired Strategy
For each type of damage, the damage level is then estimated for the following six outage durations:

2 hours

6 hours

1 day

3 days

1 week

1 month
Having estimated the damage level for each damage type at six outage durations, the scores can be added up in each column to determine the total damage level for each outage duration.
Knowing the total damage level for each outage duration, select the continuity risk level for the customer by placing a check in the first column (starting with the leftmost column) where the total damage level is 10 or higher. Check box “F” if all of the outage duration columns have a total damage level that is less than 10.
Knowing the customer’s continuity risk level for this service infrastructure, refer to the Recommended Continuity Coverage Table to help decide on the appropriate continuity coverage for the service infrastructure.
Creation date : November 29, 2004
Last edited : April 17, 2020
Page : 2 of 2
Use this table as a guideline to help select the appropriate continuity solution for the service infrastructure after having determin ed the customer’s continuity risk level using the
Continuity Risk Assessment Scorecard.
The maximum allowable outage duration in case of a disaster is no more than 2 hours.
The service infrastructure needs to be spread over at least two separate sites in such a way that if one site is destroyed, the service will continue to be delivered from the other site(s) without interruption.
The maximum allowable outage duration in case of a disaster is no more than 6 hours.
The continuity infrastructure must be kept up and running all the time at the continuity site. The backup data must already be restored on the continuity infrastructure to allow a full recovery to be performed with minimal manual intervention.
The maximum allowable outage duration in case of a disaster is no more than 1 day.
The continuity infrastructure must be kept up and running all the time at the continuity site. The backup data must already be available at the continuity site so that a restore can be performed shortly after a service recovery is initiated.
The maximum allowable outage duration in case of a disaster is no more than 3 days.
The components of the continuity infrastructure must be available at the continuity site so that they can be configured with a high priority shortly after a service recovery is initiated. The backup data can be kept at a secured offsite storage facility.
The maximum allowable outage duration in case of a disaster is no more than 1 week.
The components of the continuity infrastructure must be available at the continuity site so that they can be configured with a low priority shortly after a service recovery is initiated. The backup data can be kept at a secured offsite storage facility.
The maximum allowable outage duration in case of a disaster is no more than 1 month.
No continuity coverage is required for the service infrastructure.
Recovery of the service infrastructure can be performed on a best-effort basis.

Copyright 2010 BMC Software, Inc. www.bmc.com