Organizations perform disaster recovery risk assessments to identify threats and risks that could make them vulnerable to business interruptions. By walking through various disaster scenarios, organizations can pinpoint their greatest business threats, as well as identify their control gaps, which increase the impact of threats. By doing this, the business continuity team can prioritize risks and spend time only on threats and risks that are most likely to occur and/or have the potential to severely impact the organization. Also, the risk assessment process and results can help aid crisis communications and awareness.
This tool includes four separate work program samples that can be used to build a comprehensive disaster recovery audit program. These samples provide testing procedures, checklists, financial and operational risks associated with not having a business continuity planning program, a generic threat survey, best practices, evaluation methods, and more.