RISK. Does IT or a specialized team rule it?
RISK in an organization is a matter that should be taken as part of its business. "Life is so risky that we will die for sure". So businesses have to consider that vector depending on the market and industry where the "Bizz" is performed.
But what are those RISKs?
- War, Terrorism, crime
- Environmental & Natural
- Economics & Financial
- Health & Safety (Biological, Diseases, ...)
- Political & Social, and many others...
All of those have to be considered by the "C" level, which must find out the likelihood of occurrence for the business and then take the action that can avoid, mitigate, transfer or accept (or walk away from) the risk as part of the business operation.
At this point, several techniques exist to establish what, when, where, who and why the events could arise. But who should be responsible for finding them?
To date, most IT organizations have learnt that they must be prepared for any downtime (connectivity, processing or storage); even if a generator set or cooling system is down, they have the DRPs to solve such a situation.
But what happens when a production/distribution/sales issue takes down the business?
E.g. machinery short circuit, snow season, customer bankruptcy, supplier shortcuts, CEO's death, HQ fire, etc.
All of those situations have to be addressed in a Business Continuity Administration scheme, where the Business Continuity Plan takes over when something goes wrong. But those tools start from the very first premise: the RISK.
A Business Impact Analysis brings up which of those threats have to be considered a priority to address, reduce, mitigate or simply accept. The initial tool to get this is the RISK analysis, where each of those mentioned before will show the features that can bring it onto the scene as potential trouble for the organization.
So the question remains: who must perform, prepare & deliver the possible solutions with these studies for the C level?
Please share your ideas, what do you think?
Roberto Sanchez, RCDD