Although ensuring that your specific requirements are spelled out in the service provider’s business-continuity and disaster-recovery plan is critical, it’s not enough to ensure success, says Karen Avery, Northeast Practice Leader, Business Continuity Management, Marsh Inc., a risk-services firm, NY.

“These plans tend to address things like IT, facilities and equipment, but that’s not enough. You’ve also got to address different types of risk — things like transition risk, value risk, complexity risk, innovation risk and geopolitical risk — and make sure these risks are aligned effectively from a business perspective with where your business is going,” says Karen.

The best way to evaluate these types of risks is by using a comprehensive approach to risk evaluation that involves identifying the risk, measuring the risk and mitigating the risk. “Most business-continuity plans jump right into risk mitigation, bypassing the other steps,” says Avery.

Read this article in its entirety.