These are very challenging issues for all organisations.
The potential for "anywhere, anyone, anytime" access to data and systems that is so exciting about IT can also create major problems in ensuring adequate security and risk management.
Accountancy and audit regulations require organisations to manage risk to an appropriate level, taking appropriate measures on this topic. For instance, SORP regulations (Statement of Recommended Practice) require that a statement confirming that the major risks to which a charity is exposed, as identified by the trustees, has been reviewed and that systems have been established to manage those risks, though there is more that can be done to enhance the risk management process.
This is a good piece of legislation, not prescriptive but requiring action. Managing risk to an appropriate level will mean different measures for different organisations.
Let's take as an example two types of organisation we deal with:
IT Security and Risk Management issues include:
Co-Operative Systems has 20 years practical experience in IT security and risk management, as part of work all the clients we serve get regular Security and Risk Management assessment as part of our Red Box programme and we regularly make presentations on IT Security and Risk management for the NCVO and the Institute of Risk Management.
If you are concerned about the suitability and robustness of your current arrangements, or perhaps just would like second pair of eyes to check over your arrangements, we are happy to assist.
Contact us for a no obiligation, free of charge initial assessment using the button below or via our Contact page.
Free sample IT documents and checklists also available via the Enquire button.
Hilary Simon
