Does your risk management strategy take into account loss of data?
ShareShare

Does your risk management strategy take into account loss of data?

Published in July 23rd, 2018

When we talk about risk management in the context of asset management, you immediately think of a risk management process linked to physical objects, facilities or even people. However, in today’s world, intellectual property and electronic records are one of the most important sources of information in an organization. They may contain secrets, data and records that are essential for the operation of the physical operational assets and facilities as a whole. Do you have a system that guarantees this information is backed up?

Data loss can occur in a number of ways, including:

  • Data theft, by employees or external persons;
  • Equipment malfunction or failure (for example, hard drive failure);
  • On site incidents, such as fire, flood, earthquake, power outage.

To protect your data, your risk management plan needs to identify and implement a management process to reduce and manage these risks. Here are some practical steps to implement one.

Risk management action plan for data protection

Step 1: Identify all sources of data collection and storage that contain information that should be part of the strategy:

  • General administration of computers, including e-mails, files, photos, plans etc.
  • Website (including databases)
  • Intranet
  • Shared Servers
  • Software applications (and associated databases)
  • Access Controls

Step 2: Determine where and how to do the backup

Should the data be stored internally or in an external environment? Is there a compliance requirement for data that requires external backup? (For example, the financial sector may decide on the external maintenance of customer and transaction records).

For greater security, a combination of an on-site backup process together with an external backup system is recommended. Both systems can be configured for routine continuous backups that eliminate the possibility of human error.

Step 3: Determine the frequency

This will depend largely on the type of facility and business obligations of management organization. For example, for Data Centers or Critical Environments, the obligations will be significantly greater than for a residential operation.

Thus, this combination of the type of facility and the data backup devices will determine the frequency of this process. A monthly backup of all systems would be the absolute minimum frequency to be considered in this process, regardless of the facility.

For dynamic operations, the most appropriate would be a daily backup. However, some kind of balance should be found between risk management and operational effectiveness.

In summary:

Data loss should be included in all risk management strategies within the functions of facility management.

The effort and additional costs involved in operating these processes may seem like an option, or even a luxury, if you have never lost data in the past. However, anyone who has experienced a system failure and loss of data, on any scale, can easily understand the real impacts of such a loss, which can be devastatingly damaging, both operationally and emotionally.

Asset management and risk management are processes that can be managed much more effectively and productively with the help of a software solution. Learn how SoftExpert can help you by clicking here.

 

About the author
Tobias Schroeder

Tobias Schroeder

MBA in Strategic Management from UFPR. Business and market analyst at SoftExpert, a software provider for enterprise-wide business processes automation, improvement, compliance management and corporate governance.

You might also like:

Logo SoftExpert Suite

The most comprehensive corporate solution for business compliance, innovation and digital transformation