• Business Continuity
• Analyze data backup/recover practices.  Determine whether well documented, implemented and tested;
• Analyze disaster recovery plan and determine vulnerabilities and omissions;
• Examine relationships with third-party vendors to identify potential sources of risk in case of catastrophe.

• Data Security
• Analyze data security measures and determine vulnerabilities:
• Network security measures;
• Database security measures;
• Platform security measures;
• Application security measures;
• Employee permission, password policies;
• Physical access to critical assets.
• Analyze change management policies and procedures.

• Personnel
• Determine key resources which must be retained;
• Determine vulnerabilities to attack by displaced personnel.