ARL Logo
Risky Thinking
On Risk Management, Business Continuity, and Security
24 November, 2017
[ Help Index | Video Demo | Example Walkthrough | Basic Operations | Getting Started | Purchasing Information ]

Activity

Activities are what an organization or business does.

In general we prefer the term activity over process because a business process generally involves a number of activities performed at different times and places by different people. We will need to model these separately if they have differing associated threats.

Typically you will create an activity by right-clicking either on the organization unit responsible for the activity, or on the location where the activity occurs.

Activity Report Contents

Not all these sections will appear in every report.

Section Description
DescriptionA short description of the activity.
Location and ResponsibilityWhere the activity takes place and which part of the organization is responsible for it.
Recovery Time ObjectiveA table of values relating to how fast the activity can be recovered. See Recovery Time Objective.
Recovery Point ObjectiveA table of values relating to how much data the organization is prepared to lose in the event of a disaster. See Recovery Point Objective.
Direct Costs of DisruptionHow much it will costs if the activity is not performed to some minimum service level, and how much it will cost to relocate the activity to an alternative location. See Direct Costs of Disruption below.
DependenciesA table of the activities and resources upon which this activity depends or which depend upon this activity. It is assumed that dependent activities and resources will cease operation after the impact delay, if one is specified. Mutual dependencies are activities or resources which this activity directly or indirectly depends on and which also depend directly or indirectly on this activity. If one of a set of mutual dependencies is disrupted, then all of that set of mutual dependencies will (possibly after a delay) be disrupted.
ThreatsDirect Threats are threats which apply specifically to this activity. Indirect threats are threats which threaten the location where this activity is located, or threaten an activity or resource this activity depends on.
Disruption RiskBased on the direct and indirect threats, estimates of the probability of the activity being disrupted in a single year.
Disruption ConsequencesA list of adverse events which will happen as a direct consequence of this activity being disrupted for a period of time.
Disruption Timeline (With Recovery)Assuming that only this activity is disrupted, and that the activity is recovered by its RTO, the sequence of events and costs that will be incurred until all activities are resumed.
Disruption Timeline (No Recovery)Assuming that only this activity is disrupted, and that the activity is not recovered, the sequence of events and costs that will occur along with the estimated costs. This can be used to estimate what will happen if the recovery time objective is not met.
Activity CategoriesThe set of activity categories to which this activity belongs.
NotesA section intended for additional notes on such topics as how any data was gathered and what assumptions were made.

Direct Costs of Disruption

In general the costs of a disruption to an activity will be a combination of hourly losses (due to the disruption) as well as the relocation costs required to run the activity at an alternative location.

The cost model allows for hourly costs to change twice to reflect possible changes in costs during an extended disruption.

Special care needs to be taken to avoid double-counting costs. For example, lost sales should only be counted once, and not at sales, shipping, and accounts receivable.


Could this help file be improved? Is there something we missed? Please take a few seconds to tell us using our support form.

[ Top | Help Index | Video Demo | Example Walkthrough | Basic Operations | Getting Started | Purchasing Information ]

© Albion Research Ltd. 2017