In Module 6 click on the "Hazard and threat" icon. The following screen will appear.



The top left hand list box contains the hazards and threats that could potentially affect the organization. This list box can be sorted by hazard & threat name or by hazard and threat type. It is possible to add, delete or edit hazards or threats using the buttons at the foot of the list box. Use the radio buttons at the top of the list box to change the sort sequence. On the right hand side of the screen the top memo box contains a description of the selected hazard or threat. The list box beneath this description displays the potential incidents that have been set up against the selected hazard or threat. It is possible to add, delete or edit potential incidents using the buttons at the foot of the list box.

At the bottom of the screen there is a question that asks whether the selected hazard or threat is considered to be a key risk and whether it is likely to affect the organization in some measurable way. The User can select "Yes" or "No" from the droop down list box next to the question. The User can also open an additional information area about that answer by clicking tick box and clicking on the "View" button. 

Based on available research and consideration of the factors involved, the User organization needs to decide on whether the selected hazard or threat is likely to affect the organization or not.  If the User answers "Yes" to this question then five further questions appear. The User should address these five questions in the same way as the first question. If the User wishes to hide the additional questions 

Describe hazard or threat and add relevant information here on why the organization is vulnerable to this specific problem



Add a new hazard or threat

Clicking the "+" button at the foot of the list box opens up a pop-up window that allows the User to add a new hazard or threat and assign a hazard or threat type code.



In the pop-up window enter the new potential incident name and click the "Save" button.  The list of key hazards & threats will be immediately updated. If the potential incident or threat type code you require is not in the dropdown list you will have to return to the hazard & threat screen and set up a new type code by clicking the "Add, delete and edit hazards & threats types" button and adding a new type code.



Delete selected hazard or threat

You may delete a hazard or threat from the BCMS provided the incident has not already been mapped to one or more assets or resources.  Simply select the threat or hazard and click the delete button. If the hazard or threat does not have existing mapped-relationships then a pop-up will appear asking you to confirm this delete action. 



If the hazard or threat has one or more existing mapped relationships then a pop-up message informs the User that these will need to be cleared before the deletion process can be completed. Mapped relationships are usually cleared through the mapping (out) arrows.


Edit selected hazard or threat

To make changes to the name or type of a selected hazard or threat, click the "Edit" button and a new pop-up will appear. 



Type in or correct the details, and / or change the hazard threat type, then click the "Save" button and the record will be automatically updated in the list box.



Add potential incident

Clicking the "+" button at the foot of the list box opens up a pop-up window that allows the User to add a new potential incident and assign a potential incident or threat type code. In the pop-up window enter the new potential incident name and click the "Save" button.  The list of key asset and resources will be immediately updated.

If the potential incident or threat type code you require is not in the dropdown list you will have to set up a new type code by clicking the "+/-" button and adding a new type code.

Delete selected potential incident

You may delete a potentially disruptive incident from the BCMS provided the incident has not already been mapped to one or more assets or resources.  Simply select the required potential incident  and click the delete button. If the potential incident does not have existing mapped relationships then a pop-up will appear asking you to confirm this delete action.  If the potentially disruptive incident has one or more existing mapped relationships then a pop-up message informs the User that these will need to be cleared before the deletion process can be completed. Mapped relationships are usually cleared through the mapping (out) arrows.



Deleting a potentially disruptive incident is not the same as unmapping a potentially disruptive incident.  Unmapping eliminates the mapped relationship between that potential incident and an asset or resource but does not remove the potential incident itself. Deleting removes the potential incident completely from the system.  Great care should be exercised when deleting records as this action is not reversible and any related data may also be lost.



Edit selected potential incident

To make changes to the name or type of a selected potential incident, click the "Edit" button and a new pop-up will appear. 



Type in or correct the details, and / or change the potential hazard or threat type, then click the "Save" button and the record will be automatically updated in the list box.

Analyzing the selected hazard or threat

Each hazard or threat in the list box should be analyzed using the dropdown list boxes and by providing the resultant risk data. Determining whether the risk is relevant to the organization, whether it constitutes a high risk and the estimated likelihood are all important considerations in determining whether an actual incident is likely and whether an response plan should be prepared. The first question is about whether the selected hazard or threat could affect the organization. If this question is answered "yes" then five further questions appear. Each question also has a tick box that allows a pop-up area to appear for adding further clarification about each question and response.

Q.1    Is this hazard / threat considered to be a key risk and likely to affect our operations?

Based on available research and consideration of the factors involved, the User organization needs to consider whether the selected hazard or threat is likely to be a particularly high risk. Choose "Yes" or "No" in the dropdown list box.

Q.2    Is this hazard or threat likely to have a really serious impact on our organization?

Based on available research and consideration of the factors involved, the User organization needs to consider whether the selected hazard or threat is likely to be a particularly high risk. Choose "Yes" or "No" in the dropdown list box.

Q.3    Likelihood of an actual incident arising from the selected hazard / threat in the next three years.

Based on available research and consideration of the factors involved, the User organization needs to consider the chances of an incident actually arising from this hazard or threat. Choose "V. High"; "High"; "Med"; "Low" or "V. Low" from the dropdown.

Q.4     Our defenses to prevent incidents arising from this threat are considered to be:

Based on available research and consideration of the factors involved, the User organization needs to consider the chances of an incident actually arising from this hazard or threat. Choose "Good"; "Adequate"; or  "Poor" from the dropdown.

Q.5    Our ability to minimize impact from such incidents is considered to be: 

Based on available research and consideration of the factors involved, the User organization needs to decide on how well the organization is prepared to minimize the impact arising from the selected threat. Choose "Good; "Adequate"; or  "Poor" from the dropdown list box.

Q.6    Is the above list of potential incidents considered to be complete for this hazard / threat? 

Based on available analysis and consideration of the factors involved, the User organization needs to decide on whether the list of potential incidents arising from the selected hazard or threat is complete or whether further potential incidents need to be added and planned for. Choose "Yes" or "No" in the dropdown list box.



Opening the additional information areas

If the User wishes to record information on the reasons for choosing "Yes" or "No", or to add additional data on the vulnerabilities faced,  then this can be entered in the analysis data area.  To open the analysis data area, click on the "View analysis tick box" and then click the "View" button that appears.  An example follows:



In this example, this will bring up a new pop-up for adding analysis data for this aspect of the risk analysis for the selected hazard / threat. In this pop-up describe the vulnerabilities to this hazard or threat and consider action needed to reduce the level of vulnerability.

Reference material:

1. Additional bcp business continuity plan information is available at www.business-continuity-expert.com/bce-bcp-business-continuity.htm
2. More details on bs25999 can be obtained from www.business-continuity-expert.com/bce-bs25999.htm
3. Go to www.business-continuity-expert.com/bce-business-contingency.htm for explanations on business contingency
4. Further details can be found at www.business-continuity-expert.com/bce-disaster-preparedness.htm

Sitemap