Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk strategy
280 ● ● theft of computers and other hardware; ● ● unauthorized access into IT systems; ● ● introduction of viruses into the system; ● ● hardware or software faults and failures; ● ● user error, including loss or deletion of information; ● ● IT project failure. Most organizations will need to set up an IT policy that is designed to ensure correct use of data as well as protecting the IT infrastructure of the organization. The policy should include information on responsibility for IT systems, details of back-up procedures, anti-virus and spyware procedures, use of personal data, personal use of the internet and restrictions on personal e-mails. Most organizations will allow a certain amount of personal use of computer systems by employees. However, this should not be allowed to become excessive and specific restrictions should be placed on internet access to inappropriate websites. Another area of concern to organizations is data protection and the use or disclosure of personal information by the organization. Most countries have extensive legal requirements in place related to the protection of personal data held on computer. Computer and IT failures will occur from time to time and the organization should ensure adequate back-up arrangements, so that only limited data is lost. Organizations with a very high dependency on their IT infrastructure should have detailed DRPs in place. In many circumstances, these will extend to arrangements for an emergency duplicate back-up computer facility, available either in a mobile trailer driven to the existing office location of the organization or at an alternative location. The emergency back-up facilities can range from a complete duplicate facility with fully up-to-date information (often referred to as a hot-start facility) to an alternative computer system that has no data preloaded (referred to as a cold-start facility). There are a range of options for back-up systems that are a combination of these two approaches, and these are usually referred to as warm-start facilities. HR risks All organizations require a workforce of employed staff/contractors and/or volunteers. Therefore, there will always be human resources risks attached to the operation of every organization, regardless of its size, nature and the range of activities it undertakes. There are a number of risk areas associated with the employment of staff and the utilization of the human resource within the organization: ● ● employee engagement and termination; ● ● legislative and regulatory compliance; ● ● recruitment, retention and skills availability; ● ● pension arrangements; ● ● performance and absence management; ● ● health and safety. |
