Improve Your Risk Evaluation and Control tip #10 – keep it confidential

You have taken considerable time and effort to discover and document all of your company's vulnerabilities. Criminals or even your competition might be able to exploit this information.

Tip #10: Label and treat the risk evaluation as confidential or privileged information.

For those in government organizations, the risk evaluation should be protected from any ATIP requests. To avoid lawsuits and other issues, legal counsel should advise private companies on treatment of the highly sensitive information in the risk report and on their due diligence responsibilities.

The information gathered during the risk evaluation and control phase will be used to inform many of the later stages of your program. A summary of the top ten risks should be presented to those participating in the business impact analysis to give them an understanding of how operations would most likely be disrupted. The risk evaluation should be validated annually. The business continuity management maintenance program should also include a risk evaluation of any major new project undertaken by the organization.

(For more information on DRI’s professional practices, please read Professional Practice One – Program Initiation and Management, DRII Professional Practices, June 1, 2012, Version 1.)

Next week features blogs on insurance and business continuity…
