IT risk management policy

For each digital project, we undertake the following steps to ensure IT-related risks have been considered and planned for.

1. Catalog IT assets

IT assets include computers, routers, servers, software, data, emails, networks and files.

2. Determine the type of threats that each asset could potentially face

Threats can include hackers, user errors, viruses, system crashes, hardware failure, power outages and natural disasters such as hurricanes, floods and earthquakes.

3. Estimate the cost of managing these threats

When estimating costs we also consider anything that could negatively affect the client organisation's reputation or cause an interruption in commerce or operations.

4. Implement risk controls

Risk controls are the precautions we take to reduce the likelihood that one of the determined risks will actually happen. Examples of risk controls include server security, data encryption, routine backups and a business continuity plan.

Risk controls will be designed for each project on a cost/benefit bases in accordance with the specific project requirements.

5. Educate users of risk controls and policies

Once risk controls are implemented, management should educate the staff on any policy changes and explain how the newly implemented risk controls will help mitigate IT risks.

6. Track IT risk controls and monitor risks

IT risk management policies should be revisited annually to ensure policies are still relevant. Risk management is a continuous process that can influence practices and decisions made throughout the organization.