Assignment: Risk Management Plan
Scenario:
As a newly hired consultant, you have been tasked with the duties of creating and presenting a risk management/business contingency plan for your first client. The legal department and the IT department have both expressed concerns regarding the ethical use and protection of sensitive data, customer records, and other information systems content. In the interest of creating confidence and job satisfaction in this new position, your new employer has decided to let you select your first client.
For this task, you may select your client from your actual place of employment, a local small business, or a well-known public company. The client must operate internationally in at least some aspects of its business, and allow for a response to each aspect in this task.
Note: Any information that would be considered confidential, proprietary, or personal in nature should not be included. Do not include the actual names of people, suppliers, the company, or other identifiable information. Fictional names should be used. Also, company-specific data, including financial information, should not be included, but may be addressed in a general fashion if appropriate.
Requirements:
Note: Your submission should be presented in report format. You should utilize the risk register template for your responses to prompts A1-A3.
A. Create a risk register (suggested length of 8-10 pages) that identifies eight risks currently facing the company.
1. Explain how one of the identified risks stems from an aspect of the company's global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations).
2. Describe the source(s) of each risk.
a. Explain how each risk stems from the described source(s) (suggested length of 1-2 sentences for each source).
3. Identify the risk level for each risk (i.e., high, medium, or low).
a. Justify each identified risk level in terms of the following:
• severity of the impact
• likelihood of occurrence
• controllability
B. Discuss an appropriate risk response for each risk from part A (suggested length of 1 paragraph per risk) to reduce the possible damage to the company.
C. Create a business contingency plan (BCP) (suggested length of 10-12 pages), such as that included in a policy manual, that the company would follow if faced with a major business disruption by doing the following:
1. Discuss what strategic pre-incident changes the company could follow to ensure the well-being of the company.
2. Discuss the ethical use and protection of sensitive data by doing the following:
a. Discuss what constitutes sensitive data.
b. Explain how data will be physically protected during normal business operations.
c. Explain how data will by physically protected in the event of a disruption.
d. Explain how the company will ensure data is used ethically.
3. Discuss the ethical use and protection of customer records by doing the following:
a. Discuss what constitutes customer records for your chosen company.
b. Discuss the systems or security measures that would be put in place to protect customer records during normal business operations.
c. Discuss the systems or security measures that would be put in place to protect customer records in the event of a disruption.
d. Explain how the company will ensure customer records are used ethically.
4. Discuss the communication plan to be used during and following a disruption.
a. Identify the stakeholders who would need to be contacted in the event of a disruption.
i. Describe the specific actions that will need to take place to communicate with each stakeholder.
5. Discuss how normal operations will be restored after a disruption has occurred (post-incident).
D. Create an implementation plan (suggested length of 2-3 pages) for the BCP from part C by doing the following:
1. Discuss how the BCP will be implemented into the company.
2. Discuss how the BCP will be communicated to the organization.
3. Discuss how the BCP will be monitored or tested before the incident to ensure the plan would be effective in the event of a disruption.
4. Discuss how the BCP will be adjusted over time.
a. Discuss how changes to the plan will be communicated to the company.
E. If you use sources, include all in-text citations and references in APA format.
Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.
Note: When using sources to support ideas and elements in an assessment, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the assessment.