In a comprehensive Risk Analysis, there will be consideration given to where the single points of failure (SPOF) are in the corporate environment. It is usually easy to identify technology, and business process related SPOFS – a single server or computer platform; a single database; a single data center or call center; etc.
Single points of infrastructure are also usually easy to find; single power source, single telecommunicatios feeds; and such.
Business Continuity and Disaster Recovery Planners have been
getting much better at identifying single-source-providers and services.
What is often overlooked, however, are SPOF with Human Resources. Being dependent on one employee with a unique skill, knowledge base or expertise can be devastating if that resource is compromised.
The events of 9/11 proved to us that it is important to follow our dependencies far beyond the walls of our own environments. Companies that thought they had eliminated SPOFs being using multiple telecommunications providers or having dual power feeds into the buildings were surprised to find out that these solutions shared common infrastructure in conduits, central offices, and origination points outside of their facility. Instead of eliminating the SPOF all they did was move it somewhere else.
Be sure that when you conduct your Risk Analysis you consider all of your SPOFs, including Human Resources and shared infrastructure outside of your own facility.