Information technology risk management checklist

If your business uses information technology (IT), it's important to understand the key steps that you can take to minimise IT risk. Risks include hardware and software failure, human error, spam, viruses and malicious attacks, as well as natural disasters.

This IT risk management checklist can help you determine the basic precautions and steps to take in managing IT risk to your business.

Read through the checklist and click 'Yes' or 'No' to answer the questions.

If you answer 'No' to any question, you will create a list of actions to complete to ensure your business can manage IT risk.

Have you:

Developed and implemented IT risk assessment plans?
Developed, implemented and tested business continuity plans?
Included IT security as part of the physical design of your work premises?
Assessed IT security at the planning stage of new or changed IT systems?
Discussed IT risks with system users?
Conducted workshops to identify potential IT risks, and devised possible actions to minimise exposure?
Conducted desktop or simulated IT incidents to assess the performance of incident planning, emergency response and recovery plans?
Developed staff training resources with specific IT risk management focus?
Installed and used firewalls and anti-virus software?
Assessed the safety of online presence, including social media and security of online transactions?
Understood and complied with relevant laws, legislation and industry guidelines?
Kept software up to date?
Checked and monitored life cycle performance of hardware?
Developed data back-up processes, including incremental and daily back-ups to off-site locations?
Used standard configurations for computers, servers, firewalls and other network elements?
Changed passwords and maintained authorised access protocols?
Maintained and reviewed appropriate business insurance?
Identified significant IT risks and the probability, costs and impacts of those risks?
Developed specific IT business policies, procedures and code of conduct?
