Risk Management Plan (due Week 4, worth 240 points)
Scope and objectives of risk process
The project consists of fixing the firm's data security weaknesses and restoring its brand. Brand restoration would ensure that the company is able to demonstrate to its customers that it is able to move past the data breach event. Brand restoration would also allow the company to continue competing without losing its customers. Fixing the weaknesses in its data security gives the company the opportunity to improve its security measures. The company would also use this aim to strengthen its systems and implement strict guidelines regarding data security. The scope of the project would require the company to communicate to its customers about the data breach (Rosenbaum & Culshaw, 2003).
The company does not have to admit any liability initially. This will ensure that there will not be any lawsuits filed against the company. Communicating first would be aimed at restoring the company's brand with its customers. Demonstrating to the customers that the company is genuinely concerned about the data breach gives the customers an opportunity to trust the company.
The goal of the risk management plan would be to secure the customer data by increasing the security of the company's data systems. This would ensure that no data would be lost due to the same faults in the system. Increasing security would be beneficial to the company as it would now be PCI compliant and no firewall would be shut down, as was the case previously. Ensuring that all firewalls are up will protect the company's systems and ensure there will not be any data loss. The scope of the project is to analyze the current systems and determine if they should be upgraded. Analyzing the systems would also provide the company with information regarding the systems that are working and the systems that are faulty. Conducting an analysis would also be beneficial as it would determine the systems that are compatible with each other and the systems that have bugs (Rainer, Snyder, & Houston, 1991).
For the project to be successful, the objectives that need to be completed are deciding when to communicate to the customers regarding the data breach, communicating the steps that the company has taken to ensure that the data breach does not occur again, fully complying with the PCI implementation, and offering discounts to the customers. These objectives are vital for restoring the company's brand and ensuring that the company's data systems are secure. With these objectives in mind, the company will demonstrate to the customers that it is determined to fix the error and that it is responsive to the developments.
The project size
Based on the project sizing tool by Hillson and Simon (2012), the project size has been determined to be a medium project. This is because it has an overall value of 60. This value was arrived at based on the facts that have been presented in the case study. The strategic importance of the project is critical to the success of the company. This is because the company would be unable to continue operating if it does not handle the project properly. Since this project would involve handling systems that the company already has in place, its commercial complexity has been determined to be novel. The reason is that the PCI compliance was already in progress, and only a few people were unaware of its progress. The project would face some external constraints as it would be required to adhere to the PCI standards. The standards are not developed by the company, and they involve external parties. This is why there would be some external influence on the project. The customers would also influence the project as they are key to the success of the company and the project. The project has been clearly defined based on the facts of the case study. These objectives have been agreed upon by all the stakeholders, and they all understand the impact the project would have on the business. The CIO would be required to provide enhancements to the existing systems to ensure that they are all compliant with the PCI standards.
As the company is handling sensitive customer information, it would have to conform to the regulations of the market sector. The regulations are quite challenging as the company needs to ensure that it maintains its brand reputation. While maintaining its brand reputation, the company would also be required to ensure that customer data is stored securely at all times. This is a requirement imposed by banks and federal law. The project has an estimated budget of $100,000, and the project duration has been specified to be six (6) months. In order to complete the project, the company would be required to involve a medium-sized in-house team. This team would be charged with analyzing and fixing the data security as well as brand restoration. The post-project liabilities have been identified as ones that might provide the company with significant exposure. This is because the company would stand to gain if it can demonstrate to its customers that it has taken the matter seriously.
Risk tools and techniques
In support of the risk management process, the following tools and techniques will be used for the project: initiation, identification, assessment, response planning, reporting, implementation, review, and post-project review (Stephenson, 2001).
Initiation will involve the development of a risk management plan that would be issued to the project team at the start of the project. The project manager would be responsible for reviewing this document regularly as the project progresses. Identification is the process of identifying the risks. This involves analysis of all project constraints, brainstorming with team members, and analyzing the current systems within the company. Assessment will come after identification, and it includes the impact of each risk on the company, the probability that the risk would occur, and the impact that the data breach would have on the company's reputation and brand, as this would form a basis for how the company would progress with the project. Response planning would demand that, for each of the risks identified, an appropriate response strategy be selected. The response strategy would take into consideration the various aspects of the risk. The response would also identify the responsibility of each project member.
The proposed solutions will be implemented based on the risks identified. Implementation should be monitored to determine its effectiveness. Review is vital as it assists the project team to review what they have done to determine that the risks have been mitigated. Reviewing the system to ensure that no one can hack in order to steal the data is critical for the success of the project. Finally, after the project has been finalized the members should meet with other stakeholders to review the lessons learnt. The meeting would also provide the opportunity for all to discuss what can be done to ensure it does not happen again and the correct plan in case it happens.
Risk reviews and reporting
Risk reviews for the project would be conducted on a weekly basis for the six-month duration of the project. This will allow the company managers and team members to keep track of the project's progress. During the risk reviews, identification of new risks would take place, the risks that the company is currently facing will be assessed and reviewed, team members will provide the stakeholders with updates on the agreed actions, and new responsibilities and actions would be assigned to the team members. Risk review will provide the opportunity for determining if the project is effective. This way changes…