A Risk and Threat Assessment is conducted for the purpose of identifying potential dangers to an organization’s IT infrastructure. Most companies face risks from many sources, some obvious, some not so apparent. The specific threats facing a business differ from case to case, depending on variables such as political stability, geography, climate, and adjacent businesses.
The following is a list of common hazards that a Risk and Threat Assessment will evaluate for a standard data centre:
- Air Conditioning – Improper cooling levels can cause overheating and unpredictable failures within vital computing hardware.
- Humidity – High levels of humidity can damage hardware. If moisture penetrates electrical components of computers “shorts” can cause malfunctions.
- Fire – Is there anything within the building that involves open flame or lots of combustibles? Does an attached or adjacent building (like factory or restaurant) regularly use heat-based processes?
- Flooding – Hurricanes and tsunamis can wipe out entire data centres in coastal regions, as can damaged fresh water or sanitary pipes in centres operating anywhere.
- Inaccessibility – If employees cannot get to work, regular IT operations and maintenance may be disrupted. Whether it’s extreme weather, protests blocking main streets, or a transit strike, obstacles to building access can be a disaster.
- Power – Blackouts caused by anything from surges and power overuse to aging equipment failures can debilitate a business for several days or longer.
- Building structure – A vehicle crashing through a wall, damage to telecommunications caused by the construction next door, and everything in between can shut down operations for an extended time.
- Weather – Storms can cause blackouts or building damage that will force a business to suspend operations.
- Human activity – Terrorism, human error, cybercrime and corporate sabotage can all lead to disaster for an organization.
The Risk and Threat Assessment investigates all these sources of potential catastrophe and examines how relevant each is to a specific organization. Having this information allows a company to construct an optimal IT Disaster Recovery Program focused on preventing and recovering from the threats that are most likely to cause a disaster.
