Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center. Comparable to risk reduction, risk mitigation takes steps to reduce the negative effects of threats and disasters on business continuity (BC)
Risk mitigation can be defined as taking steps to reduce adverse effects. There are four types of risk mitigation strategies that hold unique to Business Continuity and Disaster Recovery.
Risk mitigation is one element of risk management, and its implementation will differ by organization. Although the principle of risk mitigation is to prepare a business for all potential risks, a proper risk mitigation plan will weigh the impact of each risk and prioritize planning around that impact. Risk mitigation focuses on the inevitability of some disasters and is used for those situations where a threat cannot be avoided entirely. Rather than planning to avoid a risk, mitigation deals with the aftermath of a disaster and the steps that can be taken prior to the event occurring to reduce adverse, and potentially long-term, effects.
One aspect of risk mitigation is prioritization -- accepting an amount of risk in one part of the organization to better protect another. By establishing an acceptable level of risk for different areas, an organization can better prepare the resources needed for business continuity while putting less mission-critical business functions on the back burner.