Risk Assessments

 View Only
  • 1.  New Technology Inherent Risk

    Posted 08-04-2020 02:46 PM

    I understand that using a "new technology" poses some inherent risk. But aside from whatever due diligence items are required for an application that is hosting data or connected to our network, what else might need to be or could be considered to mitigate this particular inherent risk?



  • 2.  RE: New Technology Inherent Risk

    Posted 08-13-2020 10:28 AM
    1. This question is written with you assuming you want to "reduce" / mitigate risk.  You may find in due-diligence that the risk is too high and likely. A good solution would be to "avoid" and select a new vendor all together.  Or the results may be a shining example with limited risk, and you simply "accept" after your analysis of low impact.
    2. But, in order to implement proper and specific  controls that would translate to a "reduced" residual risk, you will need to understand what is inherent and likely. For example it may be info security related or availability/resilience related, or both.  
    3. Example mitigants of risk to availability may be:
      • alternate tech providers (already on-boarded) 
      • manual work arounds / absorption in-house
    4. Testing for effectiveness and how real the controls are will be a necessary step to finalize the plan