Avoiding Apocolypse Marcus Pennell, SCIP Mark Walker, SCIP and Regional ICT Champion for the South East

ICT Risk Assessment and Recovery Planning Identifying Risk Evaluating Risk Analysing Risk Managing Risk Where to get help

Identifying Risk

Evaluating Risk

Analysing Risk

Managing Risk

Where to get help

About SCIP Not for profit social enterprise Training inc Net:Gain IT Support Web Design Databases Community Projects Where to get Help

Not for profit social enterprise

Training inc Net:Gain

IT Support

Web Design

Databases

Community Projects

Where to get Help

Managing Risk Identify the Risk What can wrong? Evaluate the Risk How likely is it to occur? Analyse the Risk What would be the impact? Manage the Risk Policies and procedures

Identify the Risk

What can wrong?

Evaluate the Risk

How likely is it to occur?

Analyse the Risk

What would be the impact?

Manage the Risk

Policies and procedures

Identifying Risk Legal requirement Funders’ requirement Better planning Better use of resources

Legal requirement

Funders’ requirement

Better planning

Better use of resources

Types of Risk Technology that doesn’t work Loss, damage or theft of equipment or data Unauthorised access Legal compliance Loss of key personnel

Technology that doesn’t work

Loss, damage or theft of equipment or data

Unauthorised access

Legal compliance

Loss of key personnel

Types of Risk Technology that doesn’t work Individual computers Networks Databases Websites Specialist equipment Completely broken Doesn’t do what it’s supposed to

Technology that doesn’t work

Individual computers

Networks

Databases

Websites

Specialist equipment

Completely broken

Doesn’t do what it’s supposed to

Types of Risk Loss, damage or theft Stolen or damaged in use Malicious attack eg virus Fire, Flood, ‘acts of god’

Loss, damage or theft

Stolen or damaged in use

Malicious attack eg virus

Fire, Flood, ‘acts of god’

Types of Risk Unauthorised access Internal Confidentiality External Attack Passwords Storage of sensitive information

Unauthorised access

Internal Confidentiality

External Attack

Passwords

Storage of sensitive information

Types of Risk Legal Compliance Data Protection Act Charities Law/Companies Act Disability Discrimination Act Health and Safety Software licensing and copyright Employment Law

Legal Compliance

Data Protection Act

Charities Law/Companies Act

Disability Discrimination Act

Health and Safety

Software licensing and copyright

Employment Law

Types of Risk Loss of key personnel Staff members Volunteers Specialist knowledge ICT Systems Use of Database Specific Services eg Online Banking

Loss of key personnel

Staff members

Volunteers

Specialist knowledge

ICT Systems

Use of Database

Specific Services eg Online Banking

Evaluating Risk How likely is it to occur? High, medium or low likelihood A range of risks Dependencies and knock on effects

How likely is it to occur?

High, medium or low likelihood

A range of risks

Dependencies and knock on effects

Analysing Risk What will be the impact? Financial management Day to day operations Service Delivery Employment Issues Disaster recovery Cost Efficiency/effectiveness

What will be the impact?

Financial management

Day to day operations

Service Delivery

Employment Issues

Disaster recovery

Cost

Efficiency/effectiveness

Analysing Risk What will be the impact? Computers stop working therefore organisation stops working Passwords not available therefore services not available Server not working Website not available Client records or other important information lost Misuse of client information Threat of legal action

What will be the impact?

Computers stop working therefore organisation stops working

Passwords not available therefore services not available

Server not working

Website not available

Client records or other important information lost

Misuse of client information

Threat of legal action

Managing Risk Routine reviews of relevant policies Routine maintenance of ICT resources Housekeeping Health checks Backup procedures Disaster recovery plans

Routine reviews of relevant policies

Routine maintenance of ICT resources

Housekeeping

Health checks

Backup procedures

Disaster recovery plans

Managing Risk Roles and Responsibilities Planning, evaluation and analysis Resourcing and Fundraising Technical solutions Day to day operations Testing Reporting Individual and collective responsibility Managers, Staff, Trustees, Volunteers, IT Service Providers

Roles and Responsibilities

Planning, evaluation and analysis

Resourcing and Fundraising

Technical solutions

Day to day operations

Testing

Reporting

Individual and collective responsibility

Managers, Staff, Trustees, Volunteers, IT Service Providers

Managing Risk Backup strategies How and when to backup and who is doing it On-site vs off-site Online vs hard drive vs tape Data recovery - processes and timescale Security strategies Levels of access Password strength Training Who, what, when

Backup strategies

How and when to backup and who is doing it

On-site vs off-site

Online vs hard drive vs tape

Data recovery - processes and timescale

Security strategies

Levels of access

Password strength

Training

Who, what, when

Where to get help What help does your organisation need? Planning, Project management Research/signposting Installation Implementation Review Fundraising

What help does your organisation need?

Planning,

Project management

Research/signposting

Installation

Implementation

Review

Fundraising

Types of help National ICT Hub Knowledgebase Regional ICT Champion Local/sub-regional Circuit Riders, IT Support Companies Volunteer Centre, university net:gain Centres

National

ICT Hub Knowledgebase

Regional

ICT Champion

Local/sub-regional

Circuit Riders, IT Support Companies

Volunteer Centre, university

net:gain Centres

Who can help you? ICT Hub: www.icthub.org.uk Knowledgebase - www.icthubknowledgebase.org.uk Suppliers Directory Publications IT 4 Communities: www.it4communities.org.uk Volunteers AbilityNet: www.abilitynet.org.uk Accessibility

ICT Hub: www.icthub.org.uk

Knowledgebase - www.icthubknowledgebase.org.uk

Suppliers Directory

Publications

IT 4 Communities: www.it4communities.org.uk

Volunteers

AbilityNet: www.abilitynet.org.uk

Accessibility

Any other questions? Mark Walker SCIP 01273 234049 [email_address] www.scip.org.uk

Any other questions?

Mark Walker

SCIP

01273 234049

[email_address]

www.scip.org.uk