Risk Management
From IT Process Wiki
| diese Seite auf Deutsch |
|---|
ITIL Version: ITIL Version 3 (ITIL V3)
Process Objective: To identify, assess and control risks. This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.
Part of: Service Design
Process Owner: Risk Manager
Contents |
[edit] ITIL V3 vs. ITIL V2: Risk Management
- Risks are addressed within several processes in ITIL V2 and ITIL V3; there is, however, no dedicated Risk Management process
- ITIL V3 calls for “coordinated risk assessment exercises”, so at IT Process Maps we decided to assign clear responsibilities for managing risks, which meant introducing a specific Risk Management process as part of the ITIL® Process Map V3
- Having a basic Risk Management process in place will provide a good starting point for introducing best-practice Risk Management frameworks like M_o_R (as recommended in the ITIL V3 books)
[edit] Sub-Processes of Risk Management (ITIL V3)
- Business Impact and Risk Analysis
- Process Objective: To quantify the impact to the business that a loss of service or asset would have, and to determine the likelihood of a threat or vulnerability to actually occur. The result of this process is the Risk Register, a prioritized list of risks which must be subsequently addressed.
- Assessment of Required Risk Mitigation
- Process Objective: To determine where risk mitigation measures are required, and to identify Risk Owners who will be responsible for their implementation and ongoing maintenance.
- Risk Monitoring
- Process Objective: To monitor the progress of counter measure implementation, and to take corrective action where necessary.
[edit] Roles within Risk Management (ITIL V3)
- Risk Manager (Process Owner)
