Risk management is a practice of systematically selecting cost effective approaches for minimizing the effect of threat realization to the organization. All risks can never be fully avoided or mitigated simply because of financial and practical limitations. Therefore all organizations have to accept some level of residual risks.

Whereas risk management tends to be preemptive, business continuity planning was invented to deal with the consequences of realised residual risks. The necessity to have BCP in place arises because unlikely events will occur eventually. Risk management and BCP are often mistakenly seen as rivals or overlapping practices. In fact these processes are so tightly tied together that such separation seems artificial. For example, the risk management process creates important inputs for the BCP (assets, impact assessments, cost estimates etc). Risk management also proposes applicable controls for the observed risks. Therefore, risk management covers several areas that are vital for the BCP process. However, the BCP process goes beyond risk management's preemptive approach and moves on from the assumption that the disaster will realize at some point.

sandSecurity bridges the gap between constanct vigilance for IT Security issues and the day-to-day critical business operations. We provide quality risk management and loss prevention services through a cycle of continuous awareness, assessment, remediation and solution verification.