Abstract: Governmental organisations are becoming more critically dependant on IT systems such as communication systems or patient data systems, both for their everyday tasks and their role in crisis relief activities. Therefore it is important for the organisation to analyse the reliability of these systems as part of the organisation's risk and vulnerability analysis process. This paper presents a practical risk analysis method for critical, large-scale IT systems in an organisation. The method is based on reliability block diagram modelling and was adapted to fit the requirements of governmental organisations and to reduce the effort required to capture complex failure behaviour. The paper first explicitly lists the requirements that such a risk analysis method must fulfil, then presents the proposed risk analysis method and finally outlines the planned evaluation of this method. Â© 2012 ISCRAM.