Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Avoiding Apocolypse Marcus Pennell, SCIP Mark Walker, SCIP and Regional ICT Champion for the South East
ICT Risk Assessment and Recovery Planning   <ul><li>Identifying Risk </li></ul><ul><li>Evaluating Risk </li></ul><ul><li>A...
About SCIP <ul><li>Not for profit social enterprise </li></ul><ul><ul><li>Training inc Net:Gain </li></ul></ul><ul><ul><li...
Managing Risk <ul><li>Identify the Risk </li></ul><ul><ul><li>What can wrong? </li></ul></ul><ul><li>Evaluate the Risk </l...
Identifying Risk <ul><li>Legal requirement </li></ul><ul><li>Funders’ requirement </li></ul><ul><li>Better planning </li><...
Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><li>Loss, damage or theft of equipment or data </li></ul>...
Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><ul><li>Individual computers </li></ul></ul><ul><ul><li>N...
Types of Risk <ul><li>Loss, damage or theft </li></ul><ul><ul><li>Stolen or damaged in use  </li></ul></ul><ul><ul><li>Mal...
Types of Risk <ul><li>Unauthorised access </li></ul><ul><ul><li>Internal Confidentiality </li></ul></ul><ul><ul><li>Extern...
Types of Risk <ul><li>Legal Compliance </li></ul><ul><ul><li>Data Protection Act </li></ul></ul><ul><ul><li>Charities Law/...
Types of Risk <ul><li>Loss of key personnel </li></ul><ul><ul><li>Staff members </li></ul></ul><ul><ul><li>Volunteers </li...
Evaluating Risk <ul><li>How likely is it to occur? </li></ul><ul><ul><li>High, medium or low likelihood </li></ul></ul><ul...
Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Financial management </li></ul></ul><ul><ul><li>Day ...
Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Computers stop working therefore organisation stops ...
Managing Risk <ul><li>Routine reviews of relevant policies </li></ul><ul><li>Routine maintenance of ICT resources </li></u...
Managing Risk <ul><li>Roles and Responsibilities </li></ul><ul><ul><li>Planning, evaluation and analysis </li></ul></ul><u...
Managing Risk <ul><li>Backup strategies </li></ul><ul><ul><li>How and when to backup and who is doing it </li></ul></ul><u...
Where to get help <ul><li>What help does your organisation need? </li></ul><ul><ul><li>Planning,  </li></ul></ul><ul><ul><...
Types of help <ul><li>National </li></ul><ul><ul><li>ICT Hub Knowledgebase </li></ul></ul><ul><li>Regional </li></ul><ul><...
Who can help you? <ul><li>ICT Hub:  www.icthub.org.uk </li></ul><ul><ul><li>Knowledgebase - www.icthubknowledgebase.org.uk...
 
 
<ul><li>Any other questions? </li></ul><ul><ul><li>Mark Walker </li></ul></ul><ul><ul><li>SCIP </li></ul></ul><ul><ul><li>...
Upcoming SlideShare
Loading in …5
×

080312 Ict Hub Risk Management

966 views

Published on

  • Be the first to comment

080312 Ict Hub Risk Management

  1. 1. Avoiding Apocolypse Marcus Pennell, SCIP Mark Walker, SCIP and Regional ICT Champion for the South East
  2. 2. ICT Risk Assessment and Recovery Planning <ul><li>Identifying Risk </li></ul><ul><li>Evaluating Risk </li></ul><ul><li>Analysing Risk </li></ul><ul><li>Managing Risk </li></ul><ul><li>Where to get help </li></ul>
  3. 3. About SCIP <ul><li>Not for profit social enterprise </li></ul><ul><ul><li>Training inc Net:Gain </li></ul></ul><ul><ul><li>IT Support </li></ul></ul><ul><ul><li>Web Design </li></ul></ul><ul><ul><li>Databases </li></ul></ul><ul><ul><li>Community Projects </li></ul></ul><ul><ul><li>Where to get Help </li></ul></ul>
  4. 4. Managing Risk <ul><li>Identify the Risk </li></ul><ul><ul><li>What can wrong? </li></ul></ul><ul><li>Evaluate the Risk </li></ul><ul><ul><li>How likely is it to occur? </li></ul></ul><ul><li>Analyse the Risk </li></ul><ul><ul><li>What would be the impact? </li></ul></ul><ul><li>Manage the Risk </li></ul><ul><ul><li>Policies and procedures </li></ul></ul>
  5. 5. Identifying Risk <ul><li>Legal requirement </li></ul><ul><li>Funders’ requirement </li></ul><ul><li>Better planning </li></ul><ul><li>Better use of resources </li></ul>
  6. 6. Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><li>Loss, damage or theft of equipment or data </li></ul><ul><li>Unauthorised access </li></ul><ul><li>Legal compliance </li></ul><ul><li>Loss of key personnel </li></ul>
  7. 7. Types of Risk <ul><li>Technology that doesn’t work </li></ul><ul><ul><li>Individual computers </li></ul></ul><ul><ul><li>Networks </li></ul></ul><ul><ul><li>Databases </li></ul></ul><ul><ul><li>Websites </li></ul></ul><ul><ul><li>Specialist equipment </li></ul></ul><ul><li>Completely broken </li></ul><ul><li>Doesn’t do what it’s supposed to </li></ul>
  8. 8. Types of Risk <ul><li>Loss, damage or theft </li></ul><ul><ul><li>Stolen or damaged in use </li></ul></ul><ul><ul><li>Malicious attack eg virus </li></ul></ul><ul><ul><li>Fire, Flood, ‘acts of god’ </li></ul></ul>
  9. 9. Types of Risk <ul><li>Unauthorised access </li></ul><ul><ul><li>Internal Confidentiality </li></ul></ul><ul><ul><li>External Attack </li></ul></ul><ul><ul><li>Passwords </li></ul></ul><ul><ul><li>Storage of sensitive information </li></ul></ul>
  10. 10. Types of Risk <ul><li>Legal Compliance </li></ul><ul><ul><li>Data Protection Act </li></ul></ul><ul><ul><li>Charities Law/Companies Act </li></ul></ul><ul><ul><li>Disability Discrimination Act </li></ul></ul><ul><ul><li>Health and Safety </li></ul></ul><ul><ul><li>Software licensing and copyright </li></ul></ul><ul><ul><li>Employment Law </li></ul></ul>
  11. 11. Types of Risk <ul><li>Loss of key personnel </li></ul><ul><ul><li>Staff members </li></ul></ul><ul><ul><li>Volunteers </li></ul></ul><ul><ul><li>Specialist knowledge </li></ul></ul><ul><ul><ul><li>ICT Systems </li></ul></ul></ul><ul><ul><ul><li>Use of Database </li></ul></ul></ul><ul><ul><ul><li>Specific Services eg Online Banking </li></ul></ul></ul>
  12. 12. Evaluating Risk <ul><li>How likely is it to occur? </li></ul><ul><ul><li>High, medium or low likelihood </li></ul></ul><ul><ul><li>A range of risks </li></ul></ul><ul><ul><li>Dependencies and knock on effects </li></ul></ul>
  13. 13. Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Financial management </li></ul></ul><ul><ul><li>Day to day operations </li></ul></ul><ul><ul><li>Service Delivery </li></ul></ul><ul><ul><li>Employment Issues </li></ul></ul><ul><ul><li>Disaster recovery </li></ul></ul><ul><ul><li>Cost </li></ul></ul><ul><ul><li>Efficiency/effectiveness </li></ul></ul>
  14. 14. Analysing Risk <ul><li>What will be the impact? </li></ul><ul><ul><li>Computers stop working therefore organisation stops working </li></ul></ul><ul><ul><li>Passwords not available therefore services not available </li></ul></ul><ul><ul><li>Server not working </li></ul></ul><ul><ul><li>Website not available </li></ul></ul><ul><ul><li>Client records or other important information lost </li></ul></ul><ul><ul><li>Misuse of client information </li></ul></ul><ul><ul><li>Threat of legal action </li></ul></ul>
  15. 15. Managing Risk <ul><li>Routine reviews of relevant policies </li></ul><ul><li>Routine maintenance of ICT resources </li></ul><ul><ul><li>Housekeeping </li></ul></ul><ul><ul><li>Health checks </li></ul></ul><ul><li>Backup procedures </li></ul><ul><li>Disaster recovery plans </li></ul>
  16. 16. Managing Risk <ul><li>Roles and Responsibilities </li></ul><ul><ul><li>Planning, evaluation and analysis </li></ul></ul><ul><ul><li>Resourcing and Fundraising </li></ul></ul><ul><ul><li>Technical solutions </li></ul></ul><ul><ul><li>Day to day operations </li></ul></ul><ul><ul><li>Testing </li></ul></ul><ul><ul><li>Reporting </li></ul></ul><ul><li>Individual and collective responsibility </li></ul><ul><ul><li>Managers, Staff, Trustees, Volunteers, IT Service Providers </li></ul></ul>
  17. 17. Managing Risk <ul><li>Backup strategies </li></ul><ul><ul><li>How and when to backup and who is doing it </li></ul></ul><ul><ul><li>On-site vs off-site </li></ul></ul><ul><ul><li>Online vs hard drive vs tape </li></ul></ul><ul><ul><li>Data recovery - processes and timescale </li></ul></ul><ul><li>Security strategies </li></ul><ul><ul><li>Levels of access </li></ul></ul><ul><ul><li>Password strength </li></ul></ul><ul><li>Training </li></ul><ul><ul><li>Who, what, when </li></ul></ul>
  18. 18. Where to get help <ul><li>What help does your organisation need? </li></ul><ul><ul><li>Planning, </li></ul></ul><ul><ul><li>Project management </li></ul></ul><ul><ul><li>Research/signposting </li></ul></ul><ul><ul><li>Installation </li></ul></ul><ul><ul><li>Implementation </li></ul></ul><ul><ul><li>Review </li></ul></ul><ul><ul><li>Fundraising </li></ul></ul>
  19. 19. Types of help <ul><li>National </li></ul><ul><ul><li>ICT Hub Knowledgebase </li></ul></ul><ul><li>Regional </li></ul><ul><ul><li>ICT Champion </li></ul></ul><ul><li>Local/sub-regional </li></ul><ul><ul><li>Circuit Riders, IT Support Companies </li></ul></ul><ul><ul><li>Volunteer Centre, university </li></ul></ul><ul><ul><li>net:gain Centres </li></ul></ul>
  20. 20. Who can help you? <ul><li>ICT Hub: www.icthub.org.uk </li></ul><ul><ul><li>Knowledgebase - www.icthubknowledgebase.org.uk </li></ul></ul><ul><ul><li>Suppliers Directory </li></ul></ul><ul><ul><li>Publications </li></ul></ul><ul><li>IT 4 Communities: www.it4communities.org.uk </li></ul><ul><ul><li>Volunteers </li></ul></ul><ul><li>AbilityNet: www.abilitynet.org.uk </li></ul><ul><ul><li>Accessibility </li></ul></ul>
  21. 23. <ul><li>Any other questions? </li></ul><ul><ul><li>Mark Walker </li></ul></ul><ul><ul><li>SCIP </li></ul></ul><ul><ul><li>01273 234049 </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>www.scip.org.uk </li></ul></ul>

×