Risk Management
In today’s world, technology is the cornerstone of all business. Recognising this fact is an essential part of good business. The risk management of your technical assets, if done diligently and regularly using the appropriate resources, will ensure that the data stored and processed in your technical environment, and the value it holds, is secure. Data loss, corruption or destruction in any business can have a high degree of impact on all aspects of the business operating environment. Risk factors include, but are not limited to, reputational risk, legal risk, financial risk and operational risk. It is therefore vital that the business and technical management teams are fully aware of the risk profile of any enterprise.
The first step in this process is to conduct a risk analysis of the business’s operating environment. Begin by assembling a Risk Team to examine the elements of risk within the operating environment. This team should include a business manager and a technical manager and may be as small as two people. Identify and document all risk elements that the operating environment is exposed to. Then identify risk events. For example, a risk element is Data Loss. A Data Loss may occur due to an event such as:
- Hard disk failure whereby a disk or disks within your business’s computing environment fail, causing irrecoverable data loss.
- Accidental deletion or corruption of key business data by human error.
- Natural attacks such as fire, flooding, earthquake.
- Human attacks such as theft, vandalism, acts of terrorism, disgruntled employees.
- Malicious network attack from hacking or virus attack.
- Storage media corruption or loss such as tape damage, scratched CDs and the like.
- Programmatic data corruption whereby a piece of software may corrupt data due to incorrect programming.
The next step is to assess the cost to the business of each risk event by assuming the event identified occurs. The key questions that businesses should ask themselves include:
- How much money would it cost the business if it lost a day's, week's or month’s worth of data or even ALL of the data?
- Would the business be able to quickly recreate the data without affecting the bottom line?
- How much would it cost the business in terms of time, money and reputation if the data could or couldn’t be recovered?
- Could you continue to conduct business as usual or even conduct business at all?
The final step is to develop a mitigation strategy for each risk identified. Mitigation strategies can be as expensive or as cheap as the business likes. More often than not, a mitigation solution that maximises the reduction of impact of the risk event will be more expensive than a minimal mitigation solution. It is therefore a case of what value the business puts on the protection against that event occurring. For example, the value a retail food shop places on protecting against data tapes being stolen is completely different from the value a banking enterprise places on it. The banking enterprise would therefore put in place a more expensive and robust mitigation strategy for this event compared with the retail food shop.
Mitigation strategies include the use of business continuity plans and disaster recovery plans, both of which all businesses should have in place and which, like the Risk Management planning process, should be regularly revisited as the business evolves and changes. The business continuity plan is used to ensure business continuity in the event of a breakdown in the operating environment, not just technology. The disaster recovery plan is used to ensure business continuance in the event of a halt in the business operation due to a risk event such as a complete power outage for an extended period of time.
Insurance is a key part of all mitigation strategies where there is no operational or practical mitigation solution to a risk. Examples of insurances include:
- Industrial Special Risks/Business/Office Insurance
- Business Interruption/Instant Profits Insurance
- Network Protection Insurance
Risk planning is an essential element of good business management and a smart insurance policy to protect your most valuable asset... your data!
Scott Lawson runs an independent technology management company acting as the IT Manager for Small to Medium Enterprise operators around Australia requiring help, management and direction in the day to day operation of business technology. For further details, send an e-mail to scott.lawson@tight.com.au
Tight Proprietary Limited 2005