Insurance carriers are masters of risk management; that's their business. But while being adept at measuring the risks associated with customers and potential customers, how many apply risk management principles to internal IT operations? This may be an overlooked area.
The IBM Institute for Business Value just released a
The study's authors make the following recommendations to better develop IT risk management approaches:
1. Examine and assess the organization’s IT risk capability: Cross-enterprise planning should encompass data, security, resilience and disaster recovery, and new technologies.
2. Look for champions among senior leadership: “Become a trusted adviser and valued resource to the CIO;.”
3. Determine how to heighten risk awareness at all levels, and within the organizational culture itself: Education and training are key. Incorporate risk awareness into everyday business and IT processes.
4. Create a strategy for regularly communicating the breadth of risk management, as well as compliance topics and issues. Emphasize that it is more than just a “one-time” activity.
5. Build risk-related procedures into the IT infrastructure, as opposed to adding them to applications in a piecemeal manner.
6. Make sure safeguards are in place to help prevent unauthorized access to company data and systems.
7. Review business continuity plans.
Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.
Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on