Business Threat/Risk Assess Checklist
Business Threat and Risk Assessment
Checklist, by Business_Policies.com. 2001,
63 pages on CD-ROM. ISBN
BUSINESS THREAT AND RISK ASSESSMENT CHECKLIST ON CD-ROM
by Edmond D. Jones, MBCP
Published by The Rothstein Catalog On Disaster Recovery.
In stock for immediate shipment.
FROM THE INTRODUCTION:
A comprehensive threat and risk assessment provides essential information for the
development of business continuity plans and safety programs and for maintaining
appropriate insurance coverage for the organization. The findings are also used to identify
economically appropriate mitigation measures that may be implemented to significantly
reduce the probability of the occurrence of an event, or reduce the impact an event may have
upon the organization.
This manual contains checklists that an individual or group may use to evaluate the threats
and risks which may impact an organizations campus, facility or even specific departments
within the organization. Each of the checklists shown in this manual and a cover page that
may be used to assemble your own checklists are contained on the CD that accompanies
TABLE OF CONTENTS
Threat and Risk Assessment
Area 01 Facility Disaster Exposure
Area 02 Peripheral Security
Area 03 Monitoring
Area 04 -- Lighting
Area 05 Access Control and Interior Security
Area 06 Emergency Systems
Area 07 Utility Support Systems
Area 08 General Office Areas
Area 09 Records Retention Areas
Area 10 Heating, Ventilation and Air Conditioning
Area 11 Emergency Generators
Area 12 PC/ Server Room Fire Exposure ([Specify Room Location])
Area 13 PC/Server Room Water Damage Exposure ([Specify Location])
Area 14 PC/Server Room Air Conditioning (temperature, filtration, and humidity) ([Specify
Area 15 PC/Server Room Electricity ([Specify Location])
Area 16 PC/Server Room Physical Security and Access Controls ([Specify Location])
Area 17 PC/Server Room Housekeeping ([Specify Location])
Area 18 PC/Server Room Single Points of Failure ([Specify Location])
Area 19 Test Lab Fire Exposure
Area 20 Test Lab Room Water Damage Exposure ([Specify Location])
Area 21 Test Lab Air Conditioning (temperature, filtration, and humidity) ([Specify Location])
Area 22 Test Lab Room Electricity ([Specify Location])
Area 23 Test Lab Physical Security and Access Controls ([Specify Location])
Area 24 Test Lab Single Points of Failure ([Specify Location])
Area 25 Mainframe Computer Room Fire Exposure ([Specify Room Location])
Area 26 Mainframe Computer Room Water Damage Exposure ([Specify Location])
Area 27 Mainframe Computer Room Air Conditioning (temperature, filtration, and humidity)
Area 28 Mainframe Computer Room Electricity ([Specify Location])
Area 29 Mainframe Computer Room Physical Security and Access Controls ([Specify
Area 30 Mainframe Computer Room Housekeeping ([Specify Location])
Area 31 Mainframe Computer Room Single Points of Failure ([Specify Location])
Area 32 Recoverability of Critical Functions
Area 33 Computer and Communications Problem and Change Management
Area 34 - Off-Site Storage Program
Area 11 Emergency Generators
Item Exposure YES (Y) NO (N) N/A
1. Is there a periodic review and assessment of the load connected to the generator?
2. Is the generator tested on a routine basis according to manufacturer's
recommendations under no-load conditions to verify the AC voltage production and
3. Is the generator tested on a routine basis according to the manufacturer's
recommendations under partial and full load conditions?
4. Do the controls provide both capacity and load-shedding priorities?
5. If the generators are located outside:
Are there crank-case and block heaters?
Are there cranking battery heaters?
6. Does the generator start automatically in an emergency?
Are the conditions that initiate starting routinely tested?
7. Are the available fuel tanks large enough to enable uninterrupted generator operation
for 5 consecutive days without refueling?
Are there procedures in place to ensure that the tanks always have sufficient
fuel to enable uninterrupted generator operation for 5 consecutive days?
8. Is the stored fuel checked on a routine basis for water or other contaminants?
9. Are fuel filters and air filters checked and changed on a routine basis?
10. Are the fuel injectors and spark plugs checked, cleaned and changed on a routine
11. Is the fuel-flow from the storage tank(s) to the generator gravity based?
If no and a power pump is used, is there a hand-pump permanently
connected to the fuel supply piping for use in the event of a power pump failure?
12. Is a generator parts list available?
13. Is there a supply of spare parts (belts, hoses, clamps, filters) immediately available?
14. Are service manuals and maintenance diagrams readily available?
15. Is a preventative maintenance or trouble diagnostics manual readily available?
16. Is the generator manufacturer's service number posted on the generator control
17. Is there a preventative maintenance program in place to provide routine service for the
Is there a written record to indicate that the services required are being
18. Are the generators located in a place where they are immune from flooding due to
water-main breaks, leaks in internal or external piping, sprinkler activation or leakage?
ABOUT THE AUTHOR
EDMOND D. JONES is certified as a Master Business Continuity Planner (MBCP) by the
Disaster Recovery Institute, International. His involvement with continuity planning began in
1964 and continued throughout his 20-year military career. This experience included planning
for various types of organizations, including data processing organizations. Working in the
commercial sector since 1985, he has assisted 100's of businesses in the United States and
Canada in defining and establishing their business continuity programs and plans. Mr. Jones
has been an instructor for the Disaster Recovery Institute, International; assisted in
development of the Institute's Professional Practices; and, was responsible for designing the
review course for candidates preparing for the MBCP examination. In addition, Mr. Jones was
one of the first members of the Disaster Recovery Institute to be elected to serve on the
Institute's Certification Board. Mr. Jones has had articles published in the Disaster Recovery
Journal and been an expert source for articles in ComputerWorld and the Law Office
Published by THE ROTHSTEIN CATALOG ON DISASTER RECOVERY.
In stock for immediate shipment.
2001, 63 pages, CD-ROM. Order #DR525.
Rothstein Associates Inc.
4 Arapaho Rd.
Brookfield, CT 06804-3104 USA
Telephone: 203.740.7444; 888.768.4783