ITT Technical Institute
A risk is an event or condition that, if it occurs, could have a positive or negative effect on a project’s objectives. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks. This Risk Management Plan defines how risks associated with the DLIS project will be identified, analyzed, and managed. It outlines how risk management activities will be performed, recorded, and monitored throughout the lifecycle of the project and provides templates and practices for recording and prioritizing risks.
The Risk Management Plan is created by the project manager in the Planning Phase of the IT department and is monitored and updated throughout the project.
The intended audience of this document is the project team, project sponsor and management.
1. Define the risk assessment to be used.
The risk must be measurable in some way.
2. Identify the risk
Risks will be categorized
3. Monitor the risk
-Asses the action taken
4. Control the risk - Confirm mitigation - Take action when things happen - Revise risk assessment document
The plan will not be responsible for risks that occur, rather help to mitigate them. This plan should help in identifying risks that are possible to occur. When the risks are identified proper action should be taken to resolve them.
The departments that will have a stake in the plan is as follows:
Consists of many individuals that may approve or deny activities
DLA Document Services
Make documents available, when asked and in multiple formats
DLA Logistics services -IT
DLA Logistic Management Standards office -IT
Each department will have a chance to review the documents, after a week of review each person on the department must sign off on it no later than 2014-27-4.
Project Part 1 Task2: Risk Mitigation Plan Risk Mitigation, in order to mitigate we have to identify the risk. There are many ways that the mitigation plan can happen; the most efficient way is a chart.
Impact on Project Success
Likelihood of Occurrences
Have a backup location ready to go in case of Equipment
i.e. servers, switches, routers…
Create daily incremental backups of data, and have back up equipment ready to be installed
IT department should be able to keep the company in compliance
Have up to date virus definitions and good anti-virus/malware software With a good plan in place, we would also conduct the cost of each occurrence and the affect it would have financially. Mitigation plans are as good as we make them. With this mitigation plan the company may address the problems at hand. With all risks we have to take in consideration the impact it would have on our integrity, and confidentiality. The main risk would be an internal risk. Our staff may intentionally or unintentionally want to disrupt the organization. Certain controls have to be placed in order to mitigate the risks, such as access controls, being physical or non-physical. These would help us in the event of an occurrence of a risk. We can pre form a cost analysis of our plan to see what value to the company each risk has. To do that we would use a threat impact matrix, that would let us decipher our cost versus the likelihood of a risk to happen.
Business Impact Analysis
Table 1.0 – Initial screening of business functions for ‘time criticality’
Table 2.0 – Activation priority for critical business functions
Critical Business Function
Type of major/critical impact
Calendar Critical Period
Reputation & Image
No time may be lost to help with 0 day