R&M Data Center Handbook
www.datacenter.rdm.com

2.3.2. IT Risk Management

IT risk management helps to ensure an organization’s strategic objectives are not jeopardized by IT failure. The term risk refers to any negative deviation from planned values – whereas chance refers to any positive deviation.
Reasons to implement an IT risk management system:

• Legal aspect
  o Careful management (see SOX, KonTraG, RRG)
• Economic aspects
  o Providing fundamental support by reducing errors and failures in IT systems
  o Negotiating advantage with potential customers by enhancing their trust in the ability to supply
  o Advantage in rating assessment of banks for credit approval
  o Premium advantages with insurance policies (e.g. fire and business interruption insurance)
• Operational aspects
  o Wide range of applications and saving options
There are four classic risk response strategies:

• Avoidance
• Mitigation
• Transfer
• Acceptance

IT risks can be categorized as follows:

• Organizational risks
• Legal and economic risks
• Infrastructural risks
• Application and process-related risks
2.3.3. IT Compliance

IT compliance means conforming to current IT-related requirements, i.e. laws, regulations, strategies and contracts. Compliance requirements typically include information security, availability, data storage and data protection.

IT compliance mainly affects stock corporations and limited liability companies (Ltd.), since in these companies CEOs and management can be held personally liable for compliance with legal regulations. Non-observance may result in civil and criminal proceedings. The Federal Data Protection Act in Germany specifies a custodial sentence of up to two years or a fine in the event of infringement.

Frequently, there are standards and good practice guidelines to comply with, generally by contractual agreement with customers or competitors.

The core task basically involves documentation and the resulting adaptation of IT resources, as well as the analysis and evaluation of potential problems and hazards (see also risk analysis). IT resources refer to hardware, software, IT infrastructures (buildings, networks), services (e.g. web services) and the roles and rights of software users. It is crucial that the implementation of compliance is understood to be a continuous process and not a short-term measure.
2.3.4. Standards and Regulations

There are numerous bodies responsible for developing and specifying security standards and regulations worldwide.

Page 28 of 156 © 08/2011 Reichle & De-Massari AG R&M Data Center Handbook V2.0