There is no doubt that we live in a world of high risk, especially when it comes to the technology that we use in our businesses. I often encourage clients to take steps to manage and mitigate risk so as to avoid costly and disruptive issues in the future. I am preparing for a presentation in November where I will be speaking about risk in IT and thought I’d share a few thoughts here.
The first step in managing and mitigating risk is being able to identify it. There are three key areas or categories that you should consider when assessing your own IT environment, which comprises people, processes and technology (don’t just focus on the tech or you will undoubtedly miss important risk areas).
When trying to identify risk the three categories of assessment are:
- Failure of Governance – this is where an organization lacks the processes and necessary controls to ensure that their investment in technology is being adequately managed. Once deployed, processes need to be in place to ensure ongoing upkeep, capacity planning and change management.
- Data Recovery / Disaster Recovery – as organizations become more reliant on technology, there needs to be a plan in place to deal with a sudden and potentially catastrophic failure in those systems. How will you recover data if a single service fails? What if multiple services fail? What if your building becomes inaccessible? What if a natural disaster occurs?
- Security of Systems & Data – ensuring that we safeguard our data and systems has become of paramount importance. One only needs to read the newspapers to see the impact of security breaches. Data is compromised, privacy is compromised and your organization’s promise to customers to safeguard their private information is severely damaged.
I would suggest that, as a starting point, you create a Risk Inventory within your organization, beginning by listing potential risks within those three categories. Once the inventory has been created, you should gauge the level of risk impact for each item to assist with future prioritization. In a future post leading up to my presentation, I will provide some thoughts around how to mitigate the risks you identify.