Itello see risk and business continuity management as two correlated parts. It is initially to identify, evaluate and compile the effects of the risks.
After compiling and analyzing the next step is to work on risk and impact mitigation.
Parallel planning and training for business continuity management is done when a backup process still needs to be activated to rapidly reduce the harmful effect.
All identified types of risks covered and handled in context. Risk types are identified as:
– Strategic risks
– Operational risks
– Economic / financial risks
– Physical risks
Risk descriptions are made in three steps as shown below:
1. Risk identification is made with representatives from all Itello to find all relevant risks, regardless of type of risk and how they can / should be handled.
2. The risk analysis is given to each risk a risk value based on the probability of the risk occurring and the effect it would produce. The risk value is taken from the matrix below.
3. The risk inventory is completed with a decision of how the risk should be managed either as risk and impact mitigation (risk management), or harm reduction (business continuity management).
– Risk and effect minimization – reducing the likelihood that the risk occurs and / or the effect of an event by means of robust processes.
– Harm reduction – reduce the effect of the damage with different types of backup processes. This whole management is in the business continuity management.
Itellos management system for risk management is tasked with developing regulations and ensure that these rules are implemented in the organization. The management system also has the task of checking compliance with the rules and to initiate improvements in risk management.
Itello intend to comply with ISO standard 31000 in our work on risk management