Risk Management

From IT Process Wiki
Revision as of 17:48, 15 December 2007 by Andrea

ITIL Version: ITIL Version 3 (ITIL V3)

Process Objective: To identify, assess and control risks. This includes analysing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats.

Part of: Service Design

Process Owner: Risk Manager


ITIL V3 vs. ITIL V2: Risk Management

  • Risks are addressed within several processes in ITIL V2 and ITIL V3; there is, however, no dedicated Risk Management process
  • ITIL V3 calls for “coordinated risk assessment exercises”, so at IT Process Maps we decided to assign clear responsibilities for managing risks, which meant introducing a specific Risk Management process as part of the ITIL® Process Map V3
  • Having a basic Risk Management process in place will provide a good starting point for introducing best-practice Risk Management frameworks like M_o_R (as recommended in the ITIL V3 books)


Sub-Processes of Risk Management (ITIL V3)

Overview of the Risk Management Process, ITIL V3 (.pdf)
Business Impact and Risk Analysis
Process Objective: To quantify the impact on the business that a loss of service or asset would have, and to determine the likelihood that a threat or vulnerability will actually occur. The result of this process is the Risk Register, a prioritized list of risks that must subsequently be addressed.
Assessment of Required Risk Mitigation
Process Objective: To determine where risk mitigation measures are required, and to identify Risk Owners who will be responsible for their implementation and ongoing maintenance.
Risk Monitoring
Process Objective: To monitor the progress of countermeasure implementation, and to take corrective action where necessary.


Roles within Risk Management (ITIL V3)