
Aibel Risk Assessment Risk Analysis Questionnaire

This document contains a risk analysis questionnaire for an organization's Information and Communications Technology (ICT) systems. It lists potential ICT risks such as hardware and software failures, network issues, and lack of support staff. For each risk, it rates the probability and impact, and notes any countermeasures already in place to mitigate the risks, such as maintenance contracts, redundancy, alternate processing options, and teleworking capabilities. The questionnaire appears to be gathering data on ICT risks to help prepare a business impact analysis and formal risk assessment for the organization.

Uploaded by Xavi Milan

Commercial In Confidence

Aibel

AIBEL RISK ASSESSMENT


RISK ANALYSIS QUESTIONNAIRE

This is not a project deliverable; it is solely for the use of HP in gathering departmental and/or
functional data in order to prepare a Business Impact Analysis and Risk Assessment.

GENERAL INFORMATION

Questionnaire completed by:
Date of interview / response:
Name of interviewee / respondent:
Function / Department:
Job Title:
Contact number / Xtn:
Location:
Building Number:
Email address:
Who is head of unit / department:
Normal staffing levels in your unit / department / area of responsibility:
  Total Headcount (Established staff):
  Typical Headcount (On a normal day i.e. allowing for leave/sickness/trg):

519323163.docx Page 1 19/04/2021

NOT PROTECTIVELY MARKED



RISK ANALYSIS QUESTIONNAIRE - ICT

Columns: Ser | Risk | Notes / Comment | Probability | Impact | Rating | Countermeasures | In place?

Risk: Hardware problems (servers and printers)
Countermeasures:
- Use test systems as production systems.
- Maintenance contract.
- Formal Disaster Recovery Plan.
- Use hardware from less critical processes.
- Utilise spare capacity on other systems.
- Redundancy / Continuity hardware.
- Distributed system architecture.
- Backup Procedures.
- Real time disk mirroring / Mirrored servers off site
- Off site data storage.
- Tele-working.
- Manual Processing.
- Rapid response team / spares.
- Surge Protection.
- Fault tolerant architectures.


Risk: Hardware problems (networks)
Countermeasures:
- Maintenance contract
- Redundancy within Architecture

Risk: Failure or Compromise of Software (servers and operating systems).
Countermeasures:
- Maintenance contract
- Planned Redundancy

Risk: Failure or Compromise of Software (networks)
Countermeasures:
- Maintenance contract
- Planned Redundancy
- Alternate Processing Options

Risk: Failure or Compromise of Software (applications)
Countermeasures:
- Maintenance contract
- Planned Redundancy
- Alternate Processing Options

Risk: Failure or Compromise of Software (desktop applications)
Countermeasures:
- Maintenance contract
- Planned Redundancy
- Alternate Processing Options


Including critical security flaw rendering asset unusable.


Risk: Unavailability of support staff (UK)
Countermeasures:
- Tele-working.
- Outsourcing.
- Multi-discipline training.
- ISO 9K – documenting all processes.
- Temporary staff.
- Multi-tasking / multi-skilling of staff.

Risk: Unavailability of support staff (Overseas)
Countermeasures:
- Tele-working.
- Outsourcing.
- Multi-discipline training.
- ISO 9K – documenting all processes.
- Temporary staff.
- Multi-tasking / multi-skilling of staff.

Risk: Power problems (main computer rooms)
Countermeasures:
- Generators and UPS for critical systems.
- Emergency lighting, torches.
- Service contracts with suppliers.

Risk: External data comms failure
Countermeasures:
- Dual feed/diverse routing.
- Multiple service providers.


Risk: External data comms failure (IT / email)
Countermeasures:
- Dual feed/diverse routing.
- Multiple service providers.

Risk: External comms line failure
Countermeasures:
- Dual feed/diverse routing.
- Multiple service providers.

Risk: Fire (computer room)
Countermeasures:
- Automatic monitoring / detection / suppression.
- Manual checks by security guarding.
- Extinguishers, sprinklers.
- Rehearsals
- DR Arrangements


Risk: Virus (malware etc) Infection or detection.
Countermeasures:
- Virus detection / protection
  - Desktop.
  - Servers
  - Perimeters
- AV Database updates
  - Daily
  - Weekly
  - Ad hoc (emergency)
- Ongoing Risk assessment
- Limit access to internet.
- Install firewalls / security Architecture
  - IDS
  - IPS
  - Blocks or Break points
- ISMS Policies & Procedures.
- Raise awareness.


Risk: Hacker / unauthorised access
Countermeasures:
- Ongoing Risk assessment
- Limit access to internet.
- Install firewalls / security Architecture
  - IDS
  - IPS
  - Blocks or Break points
  - Proxy services
- ISMS Policies & Procedures.
- Raise awareness
- ISO 17799 ISMS

Risk: Sabotage / malicious damage
Countermeasures:
- ISO 17799 ISMS
- Checks
  - Output checks
  - Unauthorised / Unexpected activity
  - Exception reporting
  - Warning and Reporting


Risk: Data integrity compromised
Countermeasures:
- Formal Disaster Recovery Plan.
- Information Security Management System.
- Backup Procedures.
- Real time disk mirroring.
- Mirrored servers off site.
- Off site data storage.
- Tele-working.
- Training.
- Checks
  - Input/Output validation
  - Unauthorised / Unexpected activity
  - Exception reporting


RISK ANALYSIS QUESTIONNAIRE - TELEPHONY

Columns: Ser | Risk | Notes / Comment | Probability | Impact | Rating | Countermeasures | In place?

Risk: Hardware failure (switchboard)
Countermeasures:
- One fax-telephone with direct external connection; contact number available in the communication procedure.
- Contact local service provider to reroute calls and set up alternate switchboard.
- Commercial recovery service.
- Replacement PABX.

Risk: Telephone line failure
Countermeasures:
- Use of GSM – preferably from multiple service providers.
- Resilient network design.
- Alternative cable routes.
- Alternative service access points.
- Alternative access methods.
- Switching.
- VPN.


Risk: Software failure in PABX or Switches
Countermeasures:
- Manual workaround.
- Alternate Services
- Maintenance Contract


RISK ANALYSIS QUESTIONNAIRE - HR

Columns: Ser | Risk | Notes / Comment | Probability | Impact | Rating | Countermeasures | In place?

Risk: Loss or unavailability of key staff
Countermeasures:
- Tele-working.
- Outsourcing.
- Multi-discipline training.
- ISO 9K – documenting all processes.
- Temporary staff.
- Multi-tasking / multi-skilling of staff.
- Identify and monitor requirements.
- Liaison with recruitment agencies.
- Networking.
- Internal training / promotions / career management programmes.

Risk: Inability to recruit suitable staff
Countermeasures:
- Identify and monitor requirements.
- Liaison with recruitment agencies.
- Multi-discipline training.
- Skills Register


Risk: Reliance on contractors
Countermeasures:
- Identify alternate / back up suppliers.
- Active supplier management / purchasing.
- Identify and monitor alternate suppliers.
- Limit amount of business given to any one supplier.


RISK ANALYSIS QUESTIONNAIRE - BUILDINGS / SITE

Columns: Ser | Risk | Notes / Comment | Probability | Impact | Rating | Countermeasures | In place?

Risk: Fire
Countermeasures:
- Dispersion.
- Alternate Locations.
- Open dialogue with Landlord / buildings managed services
- Familiarity with Emergency Services plans.

Risk: Flood
Countermeasures:
- Dispersion.
- Alternate Locations.
- Familiarity with Emergency Services plans.

Risk: Lightning / storm damage
Countermeasures:
- Dispersion.
- Alternate Locations.
- Familiarity with Emergency Services plans.


Risk: Denial of access
Countermeasures:
- Reduce dependency on single site operations.
- Dispersion of premises.
- Dispersion of assets.
- Identify / monitor availability of stand-by facilities.
- Commercial recovery centre.
- Mobile accommodation.
- Standby agreement with 3rd party.
- Tele-working.

Risk: Explosion
Countermeasures:
- Dispersion.
- Alternate Locations.
- Familiarity with Emergency Services plans.

Risk: Break in / theft / vandalism
Countermeasures:
- Secure site (physical security)
- Access control
- CCTV
- Security patrols
- Monitor and detect


Risk: Power problems
Countermeasures:
- Alternate cable routes to substations.
- Connection to alternate substations.
- Standby generators.
- Alternate working locations.
- Surge protection for key equipment.
- Knowledge of consumption requirements.
- Alternate supply / suppliers.

Risk: On flight path(s)
Countermeasures:
- Dispersion.
- Alternate Locations.
- Familiarity with Emergency Services plans.

Risk: High risk neighbours
Countermeasures:
- Open dialogue with Landlord / buildings managed services / neighbours

Risk: Local mine shafts / landfill / subsidence
Countermeasures:
- Site Emergency Plan, Facilities Business Continuity Plans. Medical, Chemical Emergency Plans. Disaster Recovery Plans.
- Relocate business operations to alternative site(s).


RISK ANALYSIS QUESTIONNAIRE - GENERAL

Columns: Ser | Risk | Notes / Comment | Probability | Impact | Rating | Countermeasures | In place?

Risk: Loss of paper-based / desktop-archived information
Countermeasures:
- Clear desk policy.
- Store copies of critical reports / info in secure off-site storage.
- Backup / Archive / duplication strategy / management system.
- Document imaging.
- Request 3rd parties to retain duplicate data.

Risk: Loss of major customer
Countermeasures:
- Balanced Marketing Strategy
- Insurance

Risk: Major project failures
Countermeasures:
- Insurance
- Project Management Framework

Risk: Major revenue / cost variations
Countermeasures:
- Project Management Framework
- Change control

Risk: Breach of contract
Countermeasures:
- Project Management Framework
- Quality Management

Risk: Failure to meet SLAs
Countermeasures:
- Project Management Framework
- Negotiate penalty clauses etc


Risk: Claims from customers / employees
Countermeasures:
- Insurance
- Operational Policies
- Training
- Expectation Management

Risk: Poor housekeeping (e.g. Health & Safety, Emergency Procedures)
Countermeasures:
- Internal Policies and Procedures for evacuation of personnel consistent with Health & Safety procedures.
- Initiate physical security review.
- Restricting access points (H&S implication).
