It could be a punishing snowstorm that brings down power for weeks. It could be a hacker that vandalizes your website. Or a war-torn country that inhibits communication with your team. It might even be as simple as a data backup that stops running for some reason. Running an organization with an online element is inherently risky, yet few leaders think seriously about what those risks might be and how they might affect day-to-day operations.
Earlier this month in the blog, we talked about how non-profits should think about IT risk management when they have an online element to their organization.
But how do you create an IT risk management plan? Start with these four steps:
1. Identify possible risks.
First think of all the forms of electronic communication you use, and brainstorm together some worst case scenarios. What could possibly go wrong? Write them down.
2. Categorize and prioritize.
Now look at your list and decide which is the most potentially damaging. You might rank the risks by Low, Medium and High, so you can decide where to put your most careful plan.
3. Determine plausibility.
Some of the items on your list are more likely to happen than others, even if they’re damaging. An earthquake might flatten your off-site storage facility, but is it likely to happen in the middle of Utah? Rank your items based on plausibility: Possible, Probable and Likely are helpful labels.
4. Make your plan.
Now you have a good idea of what could go wrong and the likelihood it will. Think through each item and plot out what you would do in case it happens. Will your web project manager quit? Have a good staffing agency on call. Did you delete your website’s homepage? Have your web host on speed dial so they can revert to the latest backup. Write down every step so anyone can pick up the plan and know what to do.
Educated plans are the best, so don’t shy from asking others what they might do. Plan within your department, and call in colleagues and other professionals for their advice.
Your turn: do you assess risk? Let us know in our poll if you have a risk management plan for your organization. We’ll share the results in our next newsletter. Take the poll!
[This appeared in our February newsletter. Wanna subscribe? Do it now!]