Managing information technology risks
Coronavirus (COVID-19): Business continuity
Find out about free online services, advice and tools available to support your business continuity during COVID-19.
Managing information technology (IT) risks is a structured process that involves a series of activities designed to:
- identify risks
- assess risks
- mitigate risks
- develop response plans
- review risk management procedures.
A comprehensive approach to risk management used by Australian emergency management agencies is based on the prevention, preparedness, response and recovery (PPRR) model.
As a first step in managing IT risks, you should be aware of the legal and legislative requirements for business owners, such as the Spam Act 2003 (Cwlth), the Electronic Transactions (Qld) Act 2001 and privacy laws.
Read more about legal obligations for online business.
IT risk assessment
An effective IT risk assessment identifies serious risks, based on the probability that the risk will occur, and the costs of business impacts and recovery.
Business continuity planning
Having identified risks and likely business impacts, the development of a business continuity plan can help your business survive and recover from an IT crisis. A business continuity plan identifies critical business activities, risks, response plans and recovery procedures.
IT risk management policies and procedures
IT policies and procedures explain to staff, contractors and customers the importance of managing IT risks and may form part of your risk management and business continuity plans.
Security policies and procedures can assist your staff training on issues such as:
- safe email use
- setting out processes for common tasks
- managing changes to IT systems
- responses to IT incidents.
A code of conduct can provide staff and customers with clear direction and define acceptable behaviours in relation to key IT issues, such as protection of privacy and ethical conduct.
Learn more about staff training.
- Learn about resources to improve the cyber security of your business.
- Read the Electronic Transactions (Qld) Act 2001.
- Learn about protecting IT data and systems.
- Learn more about staff codes of conduct which can affect your online presence.
- Find out how to create a digital strategy for your business.
- Read about cloud computing and broadband for your business.