Our risk analysis templates are customized based on best practices and
standards for application & data criticality analysis. This package
contains templates, forms, and examples. Our templates will help you comply
with regulations and standards such as SOX, HIPAA, ISO 17799, FDA,
FFIEC, FISMA, Basel II and COOP & COG.
These risk analysis templates can be used by healthcare
organizations, security consulting companies, manufacturing companies, IT
departments of different companies, servicing companies, educational organizations,
financial institutions, law firms, pharmaceutical & biotechnology
companies, telecommunication companies and others.
Feel free to request a sample before buying.
List of documents in this Risk Analysis templates package:
Cost: $240
Conducting a Risk Assessment Guide
Objectives
The purpose of this document is to help the business conduct a Risk
Assessment, which identifies current risks and threats to the business, and
implement procedures to eliminate or reduce those potential risks.
This document provides guidance on how to conduct the Risk Assessment,
evaluate the information that is gathered, and implement strategies
that will allow the business to manage the risk. The following
documents are available to help the business complete the assessment:
- Risk Assessment Template
- Risk Assessment Worksheet
- Facility RA Findings Report
- Executive RA Findings Report
- Examples of Preventative Measures
The Risk Assessment is only the first part of an overall Business Assessment.
A Business Assessment is divided into two components, Risk Assessment and
Business Impact Analysis (BIA). The Risk Assessment is intended to evaluate
current vulnerabilities in the business's environment, while the Business Impact
Analysis evaluates the probable loss that could result during a disaster.
To maximize the value of the Risk Assessment, a Business Impact Analysis should
also be completed.
Table of Contents of Conducting a Risk Assessment
INTRODUCTION
Compliance
Scope
RISK ASSESSMENT
Objectives of the Risk Assessment
Risk Assessment Process
What Should Be Included?
Steps to Follow
ASSESSING YOUR RISK
Identifying Risks / Threats
Probability of Occurrence
Vulnerability to Risk
Potential Impact
Preventative Measures in Place
Insurance Coverage
Past Experiences
ANALYZING THE RESULTS
Review Interview Notes
Follow-Up Meetings
Report the Results
FINAL REPORT & PRESENTATION
Creation of Executive Report
Presenting the Results
Next Steps
Conclusion
KEYS FOR SUCCESS
Senior Management Support
Effective Data Gathering Tools
Key Resources
Critical Data
Executive Report
APPENDIX ITEMS
Appendix A: Risk Assessment Survey
Appendix B: Risk Assessment Worksheet
Appendix C: Facility Risk Assessment Report
Appendix D: Executive Risk Assessment Report
Appendix E: Examples of Preventative Measures
Risk Assessment Template
OBJECTIVE
Because of many regulatory compliance requirements, your organization
must implement a Business Resumption Plan, Business Continuity Plan and
Business Analysis Plan to ensure the protection of data. To accomplish
this, your organization will carry out numerous steps to identify critical
business functions, processes and applications that process vital data and
to understand the potential impact to the business if a disruptive event
occurred.
One of the first steps of implementing the Business Resumption Plan for
your organization is to conduct a Risk Assessment (RA). This questionnaire
will help you identify the current risks and threats to the business
and implement measures to eliminate or reduce those potential
risks. Once the survey is completed, the RA Project team will
examine the data and create prioritized risk reduction (mitigation) strategies
to present to senior management.
Table of Contents of Risk Assessment Template
OBJECTIVE
GENERAL INFORMATION
Respondent Information
Company Information
PREVIOUS DISRUPTIONS
Facility Related
Technology Related
Weather Related
NATURAL & MAN-MADE RISKS & THREATS
Natural Risks / Threats
Man-Made Risks / Threats
ENVIRONMENT & FACILITY RISKS
Environment Risks / Threats
Facility Risks / Threats
PREVENTATIVE MEASURES
Hazardous Materials
Fire Containment
Emergency Notification, Evacuations, Alarms & Exits
Facility Features, Security, & Access
HVAC
Utilities
Data Center (Technologies)
Preventative Measures
The following list contains examples of preventative measures that the
company can implement to mitigate the potential risks that currently
exist. Some of these activities may be easy to achieve, whereas others
may take more time and more resources.
Natural Risks
These risks are typically linked with weather-related events: flooding,
high winds, severe storms, tornado, hurricane, fire, snow
storms, and ice storms.
Risk / Threat: Earthquakes
Preventative Measures:
- Move large and heavy objects to the floor to prevent injury from objects falling on people.
- Equipment tie-downs are used on all critical computer equipment.
- Emergency power is available on-site.
- Earthquake construction guidelines have been adhered to so that damage can be minimized.
- Critical data and vital records should be backed up and sent offsite for storage.
- Staff should be trained in earthquake evacuations and safety.
Man-Made Risks
These risks are typically linked with man-made events:
bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous
waste, work stoppage (internal/external), and computer crime.
Risk / Threat: Staff Productivity Risks
Preventative Measures:
- Alternate sources of trained employees have been identified
- Proper training and necessary cross-training is conducted
- Files are backed up and procedures are documented
- The work areas are comfortable and safe
Environmental Risks
These risks are typically linked with exposures from surrounding facilities,
businesses, government agencies, etc.
Risk / Threat: Hazardous Materials Plant
Preventative Measures:
- There is a nightly backup of data processing electronic records, and that backup is stored off-site
- The off-site backup facility is a sufficient distance away from this facility
- An alternate site has been identified for use in the event that this facility is unusable
Final Facility Risk Assessment Report Template w/ charts
<Enter Facility Name>
Address of Location:
Participant:
Date of Report:
The interview was conducted by <Enter the Name of Person(s) conducting
interviews> on <Enter Month, Day, and Year>.
Overview of Facility Business Operations
The <Name of Facility> is responsible for <enter overview of
all business operations that are conducted at this site. (Identify
if the facility provides patient care.)>
Previous Disruption Experiences
- <Enter any previous disruption experiences and details of incident>
- <Enter any previous disruption experiences and details of incident>
- <Enter any previous disruption experiences and details of incident>
Risks & Vulnerabilities
Natural Risks
These risks are typically linked with weather-related
events: flooding, high winds, severe storms, tornado, hurricane,
fire, snow storms, and ice storms. In each RA Survey,
the facilities manager was asked to identify potential natural risks and
rate the severity of each.
<Enter Chart using the template on the Natural Risks tab in the Executive
Report Charts located in the appendix.>
Summary of Natural Risks
For the location of this facility and historical weather patterns, it
has been stated that <Enter top 3 - 5 Natural Risks> pose the biggest
threat. <Add additional comments if necessary.>
How the risk ranking was determined: Overall Risk = Probability * Severity (Magnitude - Mitigation)
| Threat | Probability | Magnitude | Mitigation | Overall Risk |
| --- | --- | --- | --- | --- |
| Drought | | | | |
| Earthquake | | | | |
| Fire | | | | |
| Flood / Flash Flooding | | | | |
| Hurricane / Tropical Storm | | | | |
| Ice Storms | | | | |
| Landslides | | | | |
| Severe Thunderstorms | | | | |
| Tornado | | | | |
| Wildfire | | | | |
Risk Analysis Policy
Objective
The Risk Analysis (RA) Policy document establishes
the activities that must be carried out by each Business Unit, Technology
Unit, and Corporate Unit (department) within the organization.
All departments must use this methodology to identify current risks and
threats to the business and implement measures to eliminate or
reduce those potential risks.
Table of Contents for Risk Analysis Policy
TERMINOLOGY
ACCOUNTABILITY
COMPLIANCE
REVISION HISTORY
ENDORSEMENT
I. POLICY OVERVIEW
A. Purpose
B. Scope
C. Ownership Roles & Responsibilities
D. Review Process
E. Reporting Process
F. Update Frequency and Annual Review
G. Approval
II. RA REQUIREMENTS
A. RA Completion
B. Risks and Threats Identification
C. Probability of Occurrence
D. Vulnerability to Risk
E. Potential Impact of Risk
F. Preventative Measures
G. Insurance Coverage
H. Previous Disruptions
III. RA RESULTS
A. Overall Facility Risk
B. Communication
C. Retention of RA Survey
APPENDIX
Appendix A - Risk Assessment Standards
Applications and Data Criticality Analysis Template
Objective
The purpose of the Application & Data Criticality Analysis is to
determine the criticality to the covered entity of all application-based components
and the potential losses that may be incurred if these components were
not available for a period of time. This questionnaire is designed
to collect the information necessary to support the development of alternative
processing strategies, solutions and IS Recovery plans.
The Business Impact Analysis (BIA) should be completed before this
engagement. The outcome of the BIA should be used to assess technology
requirements based on the business needs.
This questionnaire also serves as a means of meeting many
regulatory compliance requirements for Application & Data Criticality
Analysis.
Table of Contents of Applications and Data Criticality Analysis Template
OBJECTIVE
RESPONDENT INFORMATION
APPLICATION INFORMATION
Application Information
Application Specifications
Application Users
Application Service Providers
Application Vulnerability
Application Recovery Complexity
Application Recovery Plan
Application Recovery History
Application Standard Operating Procedures
Application Source Code and Backup Information
Application Dependencies
Application Data Reconstruction
DATABASE INFORMATION
Database Information
Database Service Providers
Database Vulnerability
Database Recovery Complexity
Database Recovery Information
Database Recovery History
Database Standard Operating Procedures
Database Backup Information
Database Backup Tape Information
HARDWARE (SYSTEM) INFORMATION
Hardware Information
Hardware Environment Information
Hardware Service Providers
Hardware Vulnerability
Hardware Recovery Complexity
Hardware Recovery Plan
Hardware Recovery History
Hardware Backup Information
Hardware Backup Tape Information
NETWORK INFORMATION
Network Equipment Requirements
Network Service Providers
Network Vulnerability
Network Recovery Complexity
Network Recovery Plan
Network Recovery History
Network Standard Operating Procedures
To view a specific section of this document, please contact us at sales@supremusgroup.com or call us at (515) 865-4591.