Managing information technology risks

Managing information technology (IT) risks is a structured process that involves a series of activities designed to:

  • identify risks
  • assess risks
  • mitigate risks
  • develop response plans
  • review risk management procedures.

A comprehensive approach to risk management used by Australian emergency management agencies is based on the prevention, preparedness, response and recovery (PPRR) model.

Legal requirements

As a first step in managing IT risks, you should be aware of the legal and legislative requirements for business owners, such as the Spam Act 2003 (Cwlth), the Electronic Transactions (Qld) Act 2001 and privacy laws.

Read more about legal obligations for online business.

IT risk assessment

An effective IT risk assessment identifies serious risks, based on the probability that the risk will occur, and the costs of business impacts and recovery.

To complete your IT risk assessment identify risks to your business and perform a business impact analysis.

Business continuity planning

Having identified risks and likely business impacts, the development of a business continuity plan can help your business survive and recover from an IT crisis. A business continuity plan identifies critical business activities, risks, response plans and recovery procedures.

Read more about business continuity planning, and download our business continuity plan template.

IT risk management policies and procedures

IT policies and procedures explain to staff, contractors and customers the importance of managing IT risks and may form part of your risk management and business continuity plans.

Security policies and procedures can assist your staff training on issues such as:

  • safe email use
  • setting out processes for common tasks
  • managing changes to IT systems
  • responses to IT incidents.

A code of conduct can provide staff and customers with clear direction and define acceptable behaviours in relation to key IT issues, such as protection of privacy and ethical conduct.

Learn more about staff training.

Also consider...