080312 Ict Hub Risk Management

900 views
784 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
900
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • 080312 Ict Hub Risk Management

    1. 1. Avoiding Apocolypse Marcus Pennell, SCIP Mark Walker, SCIP and Regional ICT Champion for the South East
    2. 2. ICT Risk Assessment and Recovery Planning <ul><li>Identifying Risk </li></ul><ul><li>Evaluating Risk </li></ul><ul><li>Analysing Risk </li></ul><ul><li>Managing Risk </li></ul><ul><li>Where to get help </li></ul>
    3. 3. About SCIP <ul><li>Not for profit social enterprise </li></ul><ul><ul><li>Training inc Net:Gain </li></ul></ul><ul><ul><li>IT Support </li></ul></ul><ul><ul><li>Web Design </li></ul></ul><ul><ul><li>Databases </li></ul></ul><ul><ul><li>Community Projects </li></ul></ul><ul><ul><li>Where to get Help </li></ul></ul>
    4. 4. Managing Risk <ul><li>Identify the Risk </li></ul><ul><ul><li>What can wrong? </li></ul></ul><ul><li>Evaluate the Risk </li></ul><ul><ul><li>How likely is it to occur? </li></ul></ul><ul><li>Analyse the Risk </li></ul><ul><ul><li>What would be the impact? </li></ul></ul><ul><li>Manage the Risk </li></ul><ul><ul><li>Policies and procedures </li></ul></ul>
    5. 5. Identifying Risk <ul><li>Legal requirement </li></ul><ul><li>Funders’ requirement </li></ul><ul><li>Better planning </li></ul><ul><li>Better use of resources </li></ul>
    6. 6. Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><li>Loss, damage or theft of equipment or data </li></ul><ul><li>Unauthorised access </li></ul><ul><li>Legal compliance </li></ul><ul><li>Loss of key personnel </li></ul>
    7. 7. Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><ul><li>Individual computers </li></ul></ul><ul><ul><li>Networks </li></ul></ul><ul><ul><li>Databases </li></ul></ul><ul><ul><li>Websites </li></ul></ul><ul><ul><li>Specialist equipment </li></ul></ul><ul><li>Completely broken </li></ul><ul><li>Doesn’t do what it’s supposed to </li></ul>
    8. 8. Types of Risk <ul><li>Loss, damage or theft </li></ul><ul><ul><li>Stolen or damaged in use </li></ul></ul><ul><ul><li>Malicious attack eg virus </li></ul></ul><ul><ul><li>Fire, Flood, ‘acts of god’ </li></ul></ul>
    9. 9. Types of Risk <ul><li>Unauthorised access </li></ul><ul><ul><li>Internal Confidentiality </li></ul></ul><ul><ul><li>External Attack </li></ul></ul><ul><ul><li>Passwords </li></ul></ul><ul><ul><li>Storage of sensitive information </li></ul></ul>
    10. 10. Types of Risk <ul><li>Legal Compliance </li></ul><ul><ul><li>Data Protection Act </li></ul></ul><ul><ul><li>Charities Law/Companies Act </li></ul></ul><ul><ul><li>Disability Discrimination Act </li></ul></ul><ul><ul><li>Health and Safety </li></ul></ul><ul><ul><li>Software licensing and copyright </li></ul></ul><ul><ul><li>Employment Law </li></ul></ul>
    11. 11. Types of Risk <ul><li>Loss of key personnel </li></ul><ul><ul><li>Staff members </li></ul></ul><ul><ul><li>Volunteers </li></ul></ul><ul><ul><li>Specialist knowledge </li></ul></ul><ul><ul><ul><li>ICT Systems </li></ul></ul></ul><ul><ul><ul><li>Use of Database </li></ul></ul></ul><ul><ul><ul><li>Specific Services eg Online Banking </li></ul></ul></ul>
    12. 12. Evaluating Risk <ul><li>How likely is it to occur? </li></ul><ul><ul><li>High, medium or low likelihood </li></ul></ul><ul><ul><li>A range of risks </li></ul></ul><ul><ul><li>Dependencies and knock on effects </li></ul></ul>
    13. 13. Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Financial management </li></ul></ul><ul><ul><li>Day to day operations </li></ul></ul><ul><ul><li>Service Delivery </li></ul></ul><ul><ul><li>Employment Issues </li></ul></ul><ul><ul><li>Disaster recovery </li></ul></ul><ul><ul><li>Cost </li></ul></ul><ul><ul><li>Efficiency/effectiveness </li></ul></ul>
    14. 14. Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Computers stop working therefore organisation stops working </li></ul></ul><ul><ul><li>Passwords not available therefore services not available </li></ul></ul><ul><ul><li>Server not working </li></ul></ul><ul><ul><li>Website not available </li></ul></ul><ul><ul><li>Client records or other important information lost </li></ul></ul><ul><ul><li>Misuse of client information </li></ul></ul><ul><ul><li>Threat of legal action </li></ul></ul>
    15. 15. Managing Risk <ul><li>Routine reviews of relevant policies </li></ul><ul><li>Routine maintenance of ICT resources </li></ul><ul><ul><li>Housekeeping </li></ul></ul><ul><ul><li>Health checks </li></ul></ul><ul><li>Backup procedures </li></ul><ul><li>Disaster recovery plans </li></ul>
    16. 16. Managing Risk <ul><li>Roles and Responsibilities </li></ul><ul><ul><li>Planning, evaluation and analysis </li></ul></ul><ul><ul><li>Resourcing and Fundraising </li></ul></ul><ul><ul><li>Technical solutions </li></ul></ul><ul><ul><li>Day to day operations </li></ul></ul><ul><ul><li>Testing </li></ul></ul><ul><ul><li>Reporting </li></ul></ul><ul><li>Individual and collective responsibility </li></ul><ul><ul><li>Managers, Staff, Trustees, Volunteers, IT Service Providers </li></ul></ul>
    17. 17. Managing Risk <ul><li>Backup strategies </li></ul><ul><ul><li>How and when to backup and who is doing it </li></ul></ul><ul><ul><li>On-site vs off-site </li></ul></ul><ul><ul><li>Online vs hard drive vs tape </li></ul></ul><ul><ul><li>Data recovery - processes and timescale </li></ul></ul><ul><li>Security strategies </li></ul><ul><ul><li>Levels of access </li></ul></ul><ul><ul><li>Password strength </li></ul></ul><ul><li>Training </li></ul><ul><ul><li>Who, what, when </li></ul></ul>
    18. 18. Where to get help <ul><li>What help does your organisation need? </li></ul><ul><ul><li>Planning, </li></ul></ul><ul><ul><li>Project management </li></ul></ul><ul><ul><li>Research/signposting </li></ul></ul><ul><ul><li>Installation </li></ul></ul><ul><ul><li>Implementation </li></ul></ul><ul><ul><li>Review </li></ul></ul><ul><ul><li>Fundraising </li></ul></ul>
    19. 19. Types of help <ul><li>National </li></ul><ul><ul><li>ICT Hub Knowledgebase </li></ul></ul><ul><li>Regional </li></ul><ul><ul><li>ICT Champion </li></ul></ul><ul><li>Local/sub-regional </li></ul><ul><ul><li>Circuit Riders, IT Support Companies </li></ul></ul><ul><ul><li>Volunteer Centre, university </li></ul></ul><ul><ul><li>net:gain Centres </li></ul></ul>
    20. 20. Who can help you? <ul><li>ICT Hub: www.icthub.org.uk </li></ul><ul><ul><li>Knowledgebase - www.icthubknowledgebase.org.uk </li></ul></ul><ul><ul><li>Suppliers Directory </li></ul></ul><ul><ul><li>Publications </li></ul></ul><ul><li>IT 4 Communities: www.it4communities.org.uk </li></ul><ul><ul><li>Volunteers </li></ul></ul><ul><li>AbilityNet: www.abilitynet.org.uk </li></ul><ul><ul><li>Accessibility </li></ul></ul>
    21. 23. <ul><li>Any other questions? </li></ul><ul><ul><li>Mark Walker </li></ul></ul><ul><ul><li>SCIP </li></ul></ul><ul><ul><li>01273 234049 </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>www.scip.org.uk </li></ul></ul>

    ×