How do I know my systems carry any risk?
When businesses talk about risk, mostly this is around their financial dealings. or possibly a new market they wish to enter. Lots of work will go into what risks the business may carry, which will vary wildly.
In the background, data and technical resources supporting the mission will be well looked after by very capable people. Senior management will be happy if these systems give little trouble to the end users. However, while they are doing a great job keeping the lights on, what if something really serious happened that reduces the reliability?
Technical and data risk, if not adequately measured and mitigated, will manifest itself as potential issues at the business capability model level. Having a good mapping between the technology and the business model will allow senior decision makers to identify where to best invest to mitigate and control technical and data risk, before it becomes an issue to the business.
Sometimes, it’s not obvious
When considering technical and data risk, what is the first thing that comes to mind? Normally that is: Are my backups up to date? Well, that is a good point, but there is more to it than that. How about adding: Are my backups up to date, and do they work? When was the last time you tested the recovery of your central ERP system? Okay, this is probably something you practice all the time, right?
However, risk to your data is also linked to the technical risk. After all, data needs something to host it. What about the location of your servers? If you have moved largely or completely to the cloud, then big tick. All physical risk is taken care of as part of the agreement by the cloud provider. You now just need to concentrate on data risk.
There is one area which is a major cause of technical and data risk, even when you have handed over your services to the cloud: people. Your staff will need access to data to perform their day to day job. But there is also something few organisations seem to miss, and that is the current state of mind of their staff. A disgruntled employee can be the biggest risk to technology and data, and something organisations tend to miss. Even a call handler has the power to create reputational damage if their feelings reach a low and feel they cannot talk about their feelings. In the 1970’s, a local college lost an expensive computer system two days before Christmas due to the technician having an episode of depression. It turns out he had personal problems he couldn’t talk to anyone at the college about and decided to take it out on the hardware: he locked himself in the computer room and took a large axe to the internals, writing it off.
Your people are your greatest asset and you must look after them. Risk management must include how you deal with staff personal problems and as part of our survey we would collect information on what services you provide for staff morale.
Your data is the lifeblood of your business. Without it, you don’t pay staff, settle bills, track production, or plan for the future. Around the subject of your data risk, you should be asking these sort of questions:
- Is my data secured?
- Can users only get to the data they need to perform their duties?
- Am I losing time through poor performing databases?
- Is the data on the most appropriate platforms?
- Is the data exposed to parts of the network that carry greater risk?
Ensuring the data is secure and healthy reduces the risk to it. Likewise, the technical landscape will also effect the risk of the data. Questions such as:
- Have the users got too much or too little permission to do their job; is everyone an administrator just because it’s easier?
- Is the underlying infrastructure supported by the vendors?
- Is all my software patched and up to date?
- Are there any licences that could be expiring?
- HO old is my infrastructure?
These lists are not exhaustive, but we can discuss more when you call.
Provantage and Risk Management
By having a technical and data risk assessment by Provantage, you will be sure you have the data to make informed decisions about your risks. Regardless of size, especially in this current climate, businesses need to ensure their systems and data are safe, and able to handle outage with as little risk to the operation of the company. Call now to talk about your risk assessment requirements.