Your browser is not supported

Your browser is too old. To use this website, please use Chrome or Firefox.

Step 2 in your Business Continuity Plan – Conducting a Risk Assessment

When performing a risk analysis, you need to ask yourself which disasters are most likely to occur in your region.  For example, if you live in Manitoba, your hurricane risk is very low, but you may be susceptible to things such as flooding and winter storms.

IMPORTANT NOTE:  Never underestimate the power of nature!

The types of risks include:

  • Natural hazards
  • Hazmat incidents
  • IT failures
  • Someone else’s disaster (ex. What if your main supplier has a disaster and can no longer get you a product you need immediately?)

 IMPORTANT NOTE:  What happens if you have two or more at once?

Natural disaster Risks

  • Flood ̶   If your business is located in a 100-year floodplain, you face greater than a 1 in 4 chance of being flooded during a 30-year timeframe.
  • Tornadoes ̶   More than 70 tornadoes per year touch down in populated regions, with the risk in Canada being highest in southern Ontario (source:  Natural Resources Canada)
  • Wildfire  ̶   Due to changing climate patterns, computer models from the University of California, Berkeley suggest that the Great Lakes region will become more susceptible to wildfire outbreaks from 2010 to 2039.
  • Earthquakes ̶   Earthquakes can happen along any fault line.  Canada experiences 3500 earthquakes per year, 50 of which can be felt.  Southern Ontario is the second most active region in Canada, with Western Canada being the first.  (source:  Natural Resources Canada)
  • Lightning strike  ̶    According to the National Lightning Safety Institute, one out of every 200 buildings will be struck by lightning each year.
  • Hurricanes  ̶   If your business is located near a southern coastal area you must be prepared for a hurricane making landfall, even if the hurricane season is relatively quiet.
  • High winds  ̶   Any area of the country is susceptible to high winds, even without hurricane activity.  These can destroy buildings, tear off roofs and turn debris into projectiles.
  • Tsunamis  ̶   Recent events in Japan have emphasized the destruction a tsunami can cause.   Any coastal region that experiences earthquakes is at a risk of a tsunami, which can completely devastate the area.
  • Pandemic ̶   Diseases such as swine flu, SARS, or many other diseases could break out in your region, mandating at least a temporary business closure due to public fear.

Hazmat Risks

The following are examples of a few hazardous materials incidents.  Imagine a similar one occurring near your place of business and ask yourself how much it would impact your daily business routine.

  • In 2008, an ice company had to be evacuated and closed due to a hazardous leak.
  • In 2009, a two-block region had to be shut down after 20-40 gallons of hydrogen peroxide were spilled.
  • In 2009, a few gallons of formaldehyde spilled at a hospital caused people to be overcome by vapors.
  • In 2008 a propane explosion in Toronto closed 3 highways and evacuated a 1 square mile region.

While these examples involve chemicals, hazmat incidents may also include biological and nuclear threats.  While the latter two are not probable, they are possibilities that still need to be taken into account.  You should ask yourself the following questions:

  • Does my organization (or a neighbouring business) work with hazardous materials?
  • Is my business located near a railroad track or another shipping route for hazardous materials?
  • Are we located near (within 100 km) of a nuclear plant?

WARNING:  You may be at risk for a hazmat incident and not even know it!

IT Risks

Technology is a valuable asset to any business in the “Information Age” but it also provides another line of disaster vulnerability.  Employee activity can unknowingly (or knowingly in some unfortunate cases) expose your network to attacks.  The following are examples of information technology attacks:

  • Denial of Service Attack ̶   Data cannot be sent in or out of your office, meaning all email and other Internet activity ceases.
  • Data Theft ̶   Important data such as client information, credit card numbers, passwords, etc. is stolen.  The culprit can be an outside person or an employee, and sometimes “phishing” techniques are used to capture passwords to bank accounts.
  • Deleted Data ̶   Key data necessary to keep your business running is deleted (either accidentally or on purpose).  Alternatively, data can be locked up on your system and encrypted, as was the case in Virginia in 2009.  Hackers broke into a prescription monitoring program and stole 8.3 million patients’ identities.  They also locked up those records and 35.6 million prescriptions in an encrypted file and demanded a $10 million ransom for the password.
  • Stolen Space ̶   While you may have nothing valuable on your network, criminals can still hack into your servers and use them to store illegal information (such as credit card numbers), or even use your servers to attack other businesses.

One major issue with technology is that many companies are not upgrading their computers due to financial issues.  This makes their networks more susceptible to crashing, leading both to data loss and lost time as employees attempt to mitigate the data loss. 

KEY IDEA:  New computer equipment (or failure of the old equipment) should be included in your disaster budget.