Assessing business continuity risks in IT

Over the past years, IT has grown in importance in business operations. For most companies it has become vital for their functioning, with large losses and the potential for default if the systems fail. This growth was not precisely planned, it occurred in an organic fashion; IT systems have evolved. Because of this evolutionary process, companies might not be aware of the risks that are hidden in their IT systems. This paper presents a model based approach to quantify the risk. This approach builds on the risk process, which sees risks as a chain of causes and effects. For IT systems the phases are causes, resources, processes and consequences. The model allows for large numbers of items. However, for business purposes it is important to keep the numbers low. The approach also allows for ranking within the categories. The approach was applied in Essent Netwerk, a large Dutch energy network manager. The application of the approach led to a review of the current IT fallback scenario´s.