Professional Documents
Culture Documents
Information and Computing Services
Risk Register
February 2016
CiCS manages the risks to the ICT infrastructure that supports most of the vital functions of the University. Our internal risk management information will have a more
complex structure than the register layout suggested. Each system or service supports various types of vital activity in the University and is at risk from many causes,
each with its own preventive measures. Systems are also heavily interdependent. The recommended Risk Register layout has too few dimensions to express this
complexity and can only provide a simple summary.
Loss or degradation of any ITC system would clearly be categorised as an infrastructure risk, but this could be misleading as learning, financial processes, research etc
could all be affected equally. Instead we have given more than one category, as a number, against most risks. To give them in order of risk exposure would be almost
meaningless and this has not been attempted.
We have not listed planned actions against most risks. Many major actions were identified earlier and are now complete. They are shown as controls in the register.
These are either major investments in equipment and facilities, or ongoing processes within CiCS. Further actions are likely to be identified as the new assessment
process develops.
CiCS has a Business Continuity Plan and a great deal of other information to be used when various types of incidents occur. This has not been mentioned in the Register
as it applies to every risk.
We have not listed opportunities alongside the risks. They are a very different type of issue in this area.
Categories
Most CiCS items relate to 1, 4, 6 and 7
1. Estates,
Infrastructure, IT, Business Continuity
2. External relationships and partners
3. Financial
4. Learning, Teaching, Student experience
5. Organisational development and strategy
6. Research and innovation
7. Service quality
8. Staffing and Human Resources
Residu
Inherent al Due date and
Category Description L I Controls in place L I Further Actions person Other
Risks related to resourcing
1, 4, 6, 7 Underfunding and L M Constant attention to M M .
obsolescence of IT changing needs and funding
resources. issues, including
Lack of investment leads to continuation of capital
reliability and security budget.
issues, plus accumulation of Prioritise spending and
long term maintenance effort clearly.
backlog which reduces Current funding issues
flexibility, reduces product affect this risk.
quality, increases upgrade
times and generates
unpredictability.
Departments may then take
things into their own hands,
creating a chaotic set of
facilities.
1,7 Loss of key personnel. M M Identify key personnel M L
Many systems are Share expertise and train
understood by only one others in key skills.
person, who could leave, Document key systems
become ill, have an carefully.
accident etc.
Maintain staff retention
Some systems could then through health and morale
be difficult to maintain, in the workplace, deal with
with extended downtime, grievances properly.
or projects could be
Standardise systems and
delayed.
processes to reduce
reliance on individuals.
Outsource specialist skills to
competent third parties.
Use SRDS etc effectively.
Risks involving loss of use of software
1 Major supplier goes out of M H Use purchasing agreements M M
business or taken over by a that include alternate
rival. suppliers.
Leads to inability to Use of major suppliers –
maintain specific items, more likely to be taken over
unreliability or high cost of if they fail.
replacing everything Awareness of alternative
supplied . approaches.
Avoid obvious
dependencies.
1, 4 Software licensing changes. M M Awareness of forthcoming L M
Software supplier could changes and alternatives.
withdraw licenses for vital Membership of consortia.
items, significantly change Negotiate good deals.
the price, go out of
Check contracts.
business, sell rights etc.
Good relations with
Affects costs and ability to
suppliers.
provide items widely. Risk
prosecution if unaware. Pay annual costs when due.
1,4,6,7, Failure of applications M M Keep software maintenance M L
software, eg triggered by contracts uptodate.
incompatibility due to Application of patches and
changes in related systems implementation of new
or by increased demands. versions as they are
This could lead to provided for central
unavailability of particular systems.
services and possible extra Commitment to
costs. maintenance windows so
software & hardware for
key business systems can
be kept supportable
Appropriate testing of
software and its effective
and robust configuration,
version and change
management.
Good documentation of
procedures and
dependencies.
Risk arising from external constraints
1 Changes to systems M M Constant attention to and M L
required by legislation, or understanding of legislation
new requirements from and good liaison with
funding bodies Possible funding bodies.
requirement to stop using Information Security Officer
existing processes if not in place.
planned ahead.
PCI/DSS compliance being
addressed.
1, 2 Outsourced services M M Careful checking of L L
(including Google Apps for thirdparty services and
Education, Blackboard systems
Learn, Talis, Planon, and Use only major players.
StarRez)
Correct contractual
Potential for loss of services agreements.
and service quality,
Effective Supplier
reputation and security
Relationship Management.
risks, legal issues (data
protection, export laws). Constant monitoring and
robust exit plans in place.
Risks related to internal communication and understanding of needs
7 Unrealistic expectations of M M Range of communication L L
CiCS services. channels to inform users of
Failure to manage services and changes.
expectations and Customer Services and
understanding of services Communication team
could lead to bad feeling, established
complaints, unrealistic Liaison channels
demands and pressure – established and continue to
lowering service quality.
develop, especially at
faculty level.
Develop effective
mechanisms for
prioritisation involving all
relevant stakeholders.
7,6,1 Failure to provide services M M As for ‘Unrealistic L L
that are needed. expectations’ above.
If CiCS does not provide IT
services that departments Working in an agile way to
need (or want) they will more quickly provide
find their own solutions. solutions
This would lead to
Introducing a business
duplication of effort, extra
partnership model for
overall cost, poorer quality
better understanding
and reliability and reduced
Faculty IT requirements
cooperation.
Risks arising from malicious activity
1,7 Internal fraud or sabotage. L VH Attention to health and L M Information Security
Disgruntled (or simply morale of staff. awareness raising
untrained) staff could do Charter for system programme across the
enormous damage to IT Administrators is regularly University includes
systems and data or bring issued to all relevant staff. guidance on security and
the University into statement of personal
Access rights are allocated
disrepute responsibilities.
carefully for key systems.
Training on security
procedures.
Information Security
Manager in place.
1,4,6,7, Unauthorised access to H M A Code of Conduct for all M L Information Security
computers and data. computer users, including awareness raising
programme across the
May be malicious, hacking security advice, is published University includes
etc. Could lead to serious and promoted. guidance on security and
breach of University Appropriate detection statement of personal
security or create a route to systems in place. responsibilities.
‘hack’ other sites.
Monitor attempts to gain
unauthorised access.
Allocated rights carefully
for sensitive systems.
Manage expired accounts
properly.
1, 4, 6, 7 Virus or other malware VH VH Use highquality H M
attack, or software virus/malware detection
vulnerabilities. systems at the centre and
Malicious software can encourage or enforce use
damage any IT system, or on all users’ computers.
prevent normal service by Scan all incoming email
sheer volume of extra using stateoftheart tools.
traffic. Apply all patches to keep
The problem could spread key software
through many computers (virusscanning software,
including to other sites and operating systems and
take days to clear. major applications) up to
date on all computers,
central and personal.
Denial of Service Attacks to
University or outsourced Automatically block
systems. infected machines from
using the network.
Restrict the services that
can be fully accessed by
users.
Encourage use of
‘managed’ computers and
CiCS hosting environment..
Issue clear advice to users.
Risks leading to loss of data, or loss of access to data
1 Failure of data backup M H Maintenance contract on M M Backup strategy is under
systems. backup systems. review.
This would destroy the Follow protocols correctly.
security of data making it Store data safely and in Work with users to have
vulnerable to many other more than two places. a realistic backup
risks. Loss of current data strategy.
Duplication of main storage
with no recent backup
systems means separate
would be a major and very
backup is becoming less
disruptive incident.
critical.
1 Loss of data from major H VH Reliable backup systems L M
systems or their failure. and procedures in place.
Major services would Data is mirrored between
become unavailable for a two computer centres. A
period, eg Financial or HR third copy is mirrored to a
systems, student third location with
management etc. optionally a different
Most likely cause would be retention time.
equipment failure. Virtual servers allow
functions to be moved
seamlessly to other
equipment.
Some systems duplicated
across two machine rooms
with some possibility of
failover.
Central systems accessible
from offsite for ease of
maintenance out of office
hours.
Risks related to loss of electronic connectivity
1 Loss of internet connection H VH Duplication of main H VH Recent losses of our
to the University. connection. internet connection
Loss of the Joint Academic We have 2 independent through either DDOS
Network connection could connections to the JANET attacks on Janet or
be due to faults, damage, network providing our physical damage have
commercial decisions or internet connection, but led us to open
other external issues that both have these have discussions with Janet
may not be under control of recently failed at the same about a third
the national academic time connection.
community. No
computerbased
Temporary web pages
communication offsite,
available so that the
including email, would be
University does not vanish
possible.
from the web.
Attention to cable routes
during excavations.
Appropriate maintenance
on all relevant equipment.
1,7 Loss of telephone M H Use reliable provider, with L L
connection. This would secondary one for
disrupt all normal voice emergencies.
communication, and would Additional connections so
be a major problem in an not reliant on one point of
emergency such as a fire. connection.
Attention to cable routes
during excavations.
Universal access to mobile
phone system.
1 Damage or failure to H H Major links across campus H L Recent losses of our
network infrastructure. are duplicated. internet connection
through either DDOS
attacks on Janet or
physical damage have
Any component could be Vital services can operate led us to open
damaged accidentally or from one of the two discussions with Janet
maliciously, or simply fail. computer rooms. about a third
All electronic Network breaks are connection.
communication including detected automatically. Introducing better
telephones could be lost, Spares for vital components liaison with EFM.
most likely to specific areas. are kept on site.
Network equipment is
housed in locked rooms and
cupboards across the
campus.
Staff are very experienced
in repairing routine failures.
Risks causing equipment to become unavailable
1 Mains power failure to vital H VH Central equipment is H M New UPS and power
equipment. duplicated between two tree implemented in CC
Powerdown of key computer rooms. DC transition to new
equipment would disable Backup power systems In service 90% complete.
electronic communication place for both computer
and central IT services. rooms, battery and Working on Shared Data
generator based for short Centre project with JISC
and longterm power. and northern
Warning systems and universities
contingency procedures in
place.
Regular testing of power
backup systems.
CiCS has significant
experience of this type of
event.
1 Airconditioning failure in M H Redundancy built in to M L Airconditioning systems
one of the two computer current airconditioning are being reviewed and
rooms. systems. should soon be replaced
Leads to overheating of Vital services can operate to improve efficiency
computer room and likely from just one computer and reliability.
need to shut down at least room, with effort and
some equipment. Result is disruption in some cases. Working on Shared Data
loss or degradation of some . Centre project with JISC
services. and northern
Emergency airconditioning
can be arranged at short universities
notice.
Maintenance contract and
attention to airconditioning
maintenance (?)
1 Flood in a computer room. L H Mains wiring and sockets L M Working on Shared Data
These are lowlying areas moved to above underfloor Centre project with JISC
with many cable ducts ‘ground’ level. New and northern
entering below ground overhead power rails universities
level, with a potential to installed.
carry water into the Sump and water detection
buildings. Flooding would system in place with pump.
disrupt power and other
Most ducts are watertight.
cabling leading to loss of
services. There are Vital services can be run
associated dangers to staff from one computer room.
from electricity or
electrolytic generation of
flammable gas.
1 Theft of vital equipment, or L H Computer rooms are L M
associated damage. physically secure, with
Targeted theft of IT careful security procedures.
equipment has occurred at Vital services can operate
other Universities in the from just one computer
past. room, with effort and
disruption in some cases.
Vital services would be Data is replicated to other
disrupted until locations
replacements installed. Alarms and CCTV in place.
Confidential data could be
taken.
Risk to personal safety in a
violent theft.
1 Gas leak into computer L H Gas detection in place. L L Working on Shared Data
room – eg carried Most ducts are sealed. Centre project with JISC
underground via cable and northern
Vital services can operate
ducts. universities
from just one computer
Risk of explosion, need to room, with effort and
evacuate building. Possible disruption in some cases.
need to switch off vital
equipment.
Risks involving damage to or major failure of equipment
1 Major hardware failure. M VH Vital services can be run M M
Can be caused by a range of from one of the two
events, both accidental and computer rooms.
malicious. Central equipment is on
Depending on which rapidresponse
hardware fails, vital services maintenance contracts and
could be disrupted or many spares are held
communications lost. onsite
1 Escape of highpressure L H Vital services can be L M Working on Shared Data
water or steam from main operated from one of the Centre project with JISC
CHP pipes. These feed two computer rooms. and northern
many buildings, including Redundancy is built in to universities
the Computing Centre. the major network links.
Pipes tend to be in the
CHP systems
same spaces as Network
wellmaintained (?)
equipment. Pressure is said
to be such that structures
could be damaged.
Communications could be
disrupted including to
Security control centre.
1 Fire in a computer room or L VH Fire detection systems in L M Working on Shared Data
other vital space. place. Centre project with JISC
This could damage vital Fire suppressant systems in and northern
equipment and stop computer rooms. universities
computer or Vital services can be run
communication services. from either of two
computer rooms.
1 Lightning strike. L H Lightning conductors in L M
Antennae are most place on computer
vulnerable, but current buildings.
surges could destroy any Data connections are now
local equipment, leading to fibre, so surges not
loss of any computer or conducted to other
communication services. buildings.
Vital services can be run
from either of two
computer rooms.
1 Failure of telephone M M Telephone system is split M L
exchange system. across two computer rooms
This is essentially another and can function from
very reliable computer either alone.
server. Failure would result Maintenance contract is in
in loss of all voice place and attention given to
communication across the quality of installation.
campus and externally. Mobile phones in almost
universal use.
Risks relating to unavailability of physical estate
1 Serious damage or loss of L VH Vital services can operate L M Working on Shared Data
use of a Data Centre from just one computer Centre project with JISC
room, with effort and and northern universitie
disruption in some cases.
Good maintenance of
computer rooms.
Good security, fire
detection, burglar alarms
etc. in place
Vesda fire prevention
system in place.
Third Data Centre is in
place.
1 Loss of use of a building or M M Most vital systems are M M
part building. designed to be used by staff
CiCS could be called on to working from home and
provide facilities for web access is a standard
displaced staff, possibly by condition for most software
releasing one or more procurement.
student computer rooms. Student computer rooms
This would take CiCS staff have telephone points –
resource for other tasks and one has a large number of
degrade the service to them for use as an
students. emergency
communications room.
1,4 Loss of significant amounts L H There are back up locations L M
of teaching space, for in place, both external and
example if a building closed in non teaching space at the
at short notice. University although this can
There is enormous pressure incur signficant expense..
on the University teaching The timetabling team have
estate and the student been familiarised with the
experience could be entire University estate and
seriously negatively can work closely with EFM
impacted by loss of colleagues to organise a
teaching space. solution quickly.
NonICT Units University Print Service
1,4 Print Service unable to L H A business continuity plan is L M
function for a short period in place, which includes
due to loss or unavailability identification of external
of premises, power, suppliers.
equipment, communication
links or key staff. This could
delay the availability of vital
materials such as exam
papers or degree
certificates.
NonICT Units Performance Spaces
1,2,4,7 Octagon centre unable to L H A contingency plan is in L M
provide space for major or place, which includes access
minor events, internal or to emergency staffing,
external, due to damage or generator etc. Alternative
issues affecting the venues are identified but
building, unavailability of availability depends on
staff, electrical failure. This their own schedules.
could prevent important
events such as exams and
degree ceremonies, or
external incomegenerating
events. And have a major
impact on the student
experience and the
reputation of the
University.
1, 2, 4 Drama studio unavailable L M A contingency plan is in L M
for use by external groups place, which includes
or internal teaching recognition that alternative
departments due to fire or spaces would be unlikely to
other damage, loss of be available.
power or unavailability of Internal (teaching) bookings
staff. This could hinder are discussed and clarified
teaching plans, prevent as soon as possible.
incomegenerating activity
and damage our reputation.
Inability to confirm
bookings to external
groups, due to lack of
clarity of internal bookings,
could lead to loss of
revenue and reputation.