R&M Data Center Handbook
www.datacenter.rdm.com

2.3.6. Potential Risks

According to a 2010 report by the IT Policy Compliance Group, 80 percent of companies have poor visibility into their IT risks, taking three to nine months or longer to classify their IT risk levels. Inability to prioritize risks, lack of a comprehensive risk view and inadequate control assessments all contribute to this problem.
Liability Risks

Need for regulation, need for action: Strategic tasks
Responsibilities: Management / CEO; Supervisory Board
Legislation: See regulations
Potential damage and losses:
- Losses due to system failure
- Insolvency
- Increased costs of corporate loans
- Loss of insurance coverage
- Image loss
- Monetary fines

Need for regulation, need for action: Conceptual tasks
Responsibilities: Management / CEO; Data Protection Officer; Head of IT
Legislation: See regulations; Employment contract
Potential damage and losses:
- See strategic tasks
- Data loss
- Unauthorized access
- Virus infection
- Loss due to failed projects
- Loss of claims against suppliers
- Loss of development know-how

Need for regulation, need for action: Operative tasks
Responsibilities: Management / CEO; Data Protection Officer; Head of IT; Staff
Legislation: See regulations; Employment contract; Commercial Code (HGB); Copyright Act (UrhG); Penal Code (StGB)
Potential damage and losses:
- No annual audit confirmation
- Taxation assessment
- Imprisonment
- Corporate shutdown/loss of production
- Capital losses
- Image loss
- Loss of business partners or data

Excerpt: Liability Risk Matrix (Matrix der Haftungsrisiken), Bitkom, as of March 2005
Companies have taken to including limited liability for negligent behavior in the agreements between managing directors and the company. In the case of limited-liability companies, the members have the option of declaring acceptance (discharge) of the managing director, which renders any claims for damages against the company null and void. This is not true of stock corporations, where acceptance of management does not result in a waiver of damage claims.
Good insurance is a valuable asset because:
- Managers fail to see their liability risks
- Managers are usually not clear about the scope of their liability risk
- There is a growing risk of being held liable for mistakes at work and losing everything in the process
- Managing directors and management can be held liable if they fail to provide sufficient IT security for their companies
- The boss is not the only one held liable!
Operational Risks

Operational risks, as defined in Basel II, are "the risks of loss resulting from inadequate or failed internal procedures, people and systems or from external events".

The primary focus, in terms of operational risks, is on:
• Information system failures
• Security policy
• Human resource security
• Physical and environmental security
• IT system productivity
• Keeping systems, procedures and documentation up to date
• Information and data of all business operations
• Evaluation and identification of key figures
• A clear emergency plan, drawn up in advance
• Backups of the entire database

Page 34 of 156 © 08/2011 Reichle & De-Massari AG R&M Data Center Handbook V2.0