The choice a company makes for dealing with a specific risk.
The main Risk Strategies are:
Choosing to discontinue or not undertake an operation to avoid the risks involved. (e.g. closing or not opening a branch
in a dangerous location.)
Risk Mitigation or Risk Reduction.
Taking steps to reduce the probability or impact of a risk.
Shifting the risk to another organization by taking out insurance, or sub-contracting an activity to another organziation.
Risk Acceptance. Recognizing the risk but choosing not to take any
specific action to control or reduce it. Self-insurance, where a company chooses
to pay for losses itself rather than take out insurance, is a form of risk
Are you responsible for Business Continuity, Disaster Recovery, or Risk Management
in your organization? Then you may wish to receive a free subscription to the
the monthly Risky Thinking Newsletter. It contains news, opinions
and articles of interest to people working in these areas.
A question which confuses many people is whether a document, data, or procedure should be included in the business continuity or disaster recovery plan, or should it simply be referenced by it. As so often is the case, it's a trade-off...