An enhanced risk assessment framework for business continuity management systems

Every organization is exposed to several risks (e.g. cyber-attacks and disruptions caused by natural disasters). To respond to these risks properly, an effective risk management system should be implemented. Business continuity management is one of the most recent risk management frameworks, which enables the organizations to improve their resilience in order to cope with the identified risks. Risk assessment is one of the main parts of a business continuity management system (BCMS). In this paper, an enhanced risk assessment framework is proposed within the context of BCMS while accounting for specific steps and requirements of a BCMS. The proposed framework benefits from a suite of analytic techniques to enhance and facilitate the risk assessment and management within the well-known four-step framework (i.e. identifying, analyzing, evaluating, and responding to risks). The results of applying the proposed framework in a real case study demonstrate that it can effectively handle risk assessment and management process when implementing BCMS in an organization.