As a newly hired consultant, you have been tasked with the duties of creating and presenting a risk management/business contingency plan for your first client. The legal department and the IT department have both expressed concerns regarding the ethical use and protection of sensitive data, customer records, and other information systems content. In the interest of creating confidence and job satisfaction in this new position, your new employer has decided to let you select your first client.
For this task, you may select your client from your actual place of employment, a local small business, or a well-known public company. The client must operate internationally in at least some aspects of its business.
Note: Any information that would be considered confidential, proprietary, or personal in nature should not be included. Do not include the actual names of people, suppliers, the company, or other identifiable information. Fictional names should be used. Also, company-specific data, including financial information, should not be included, but may be addressed in a general fashion if appropriate.
Note: Your submission may be in a variety of formats (e.g., report, multimedia presentation, video presentation). Parts A, B, and C should all be submitted to TaskStream at the same time, but as three individual documents.
A. Create a risk register with eight risks currently facing the business to include the following.
1. Explain how one of the identified risks emanates from an aspect of the company’s global marketplace activities (e.g., manufacturing uncertainties, problems with suppliers, political instability, currency fluctuations).
2. Discuss the source(s) of each risk.
3. Evaluate the risk level for each risk in terms of severity of the impact, likelihood of occurrence, and controllability.
4. Develop an appropriate risk response for each risk to reduce the possible damage to the company.
Note: This section should be included as a separate, detailed discussion to accompany the risk register.
B. Create a business contingency plan (BCP) that the company would follow if faced with a major business disruption (e.g., hurricane, tornado, terrorist attack, loss of a data center, the sudden loss of a call center in a foreign country, the collapse of a financial market or other catastrophic event) in which you include the following:
1. Analyze strategic pre-incident changes the company would follow to ensure the well-being of the enterprise.
2. Analyze the ethical use and protection of sensitive data.
3. Analyze the ethical use and protection of customer records.
4. Discuss the communication plan to be used during and following the disruption.
5. Discuss restoring operations after the disruption has occurred (post-incident).
C. Create an implementation plan in which you recommend ways of implementing, monitoring, and adjusting the BCP.
Note: Remember that the client insists on maintaining the security of data in information technology and that the potential for ongoing issues is based on global marketplace concerns.
D. When you use sources, include all in-text citations and references in APA format.