Identify risks in the following areas:
Information – What information and information systems are most vital to continue to run the business at an acceptable level?
Communication Infrastructure – What communications (email, toll free lines, call centers, VPNs, Terminal Services) are most vital to continue to run the business at an acceptable level?
Access and Authorization – Who needs to access the above systems and in what secure manner (VPN, SSL, DR Site) in the event of a disaster?
Physical Work Environment – What is necessary to conduct business in an emergency should the affected location not be available?
Internal and External Communication – Who do we need to contact in the event of an emergency and with what information?