Risk Management Blog - ClearRisk

3 Steps You Must Take TODAY to Reduce Your Software Risks

Posted by Kit Merker on Thu, Nov 17, 2011 @ 20:11 PM
Kit Merker has been in technical and management roles for over a decade, doing everything from project management, coding, design, testing, and running a service. He currently works at Microsoft as a Developer Evangelist. Kit Merker has a blog dedicated to preparing for software disasters. Be sure to follow Kit on Twitter after reading his guest blog post below! 

These are times of economic uncertainty for many businesses, and the very idea of spending much-needed funds on something that might happen may seem like suicide. According to CIO.com, business continuity & disaster recovery is NOT a top priority for CIOs.

It's a normal human tendency to stay optimistic and believe that you are immune from disaster. We say, "that'll happen to other people, I'll hope for the best and focus on my day-to-day activities."

But, as I say probably too frequently, hope is not a strategy.

Imagine if a disaster hit and you sustained serious downtime, got hacked, or lost data your customers needed. The results would be disastrous for your reputation and could mean the end of your business. You'd be kicking yourself for not preparing.

But just like a teenager learning to drive, sometimes getting in an accident helps you learn to operate more safely. The good news is that there are practical things you can do to reduce your risks of software disaster.


Here are 3 things you can do TODAY to reduce your software risks:

1. Create a Crisis Phone Tree


I am a huge fan of lo-fi approaches to dealing with the unknown. This may seem like basic housekeeping, but it will help you handle a crisis much better than having the wrong people or the wrong contact information. When's the last time yours was updated? Also, you could create a simple rotation to designate who is "on call" in a given week to handle anything unexpected. You don't need heavy policy & procedure if you have smart people who are familiar with the software empowered to do the right thing.

2. Update Your Templates

Have your engineering team add a "Recoverability/Resiliency" section to their specs & design templates. This is a good way to push your developers to think through these problems up front and find creative, cost-effective ways to solve them. The test team could also add an "External Risks" section to their test templates and think through the various things that could go wrong. Even if you can't afford to prevent these risks, you can at least be aware of them and make an informed decision to handle them if they come up. You may be surprised by what you weren't thinking about before, and how resourceful your team can be in mitigating these risks.

3. Survey Your Team

When's the last time you asked everyone to send their biggest concerns for your system? You probably have people who are aware of your software risks right now, but maybe they don't want to bring them up. Sometimes it can feel like being a naysayer or a whistleblower to bring up problems. Give your team a safe way to express their concerns, and then you can decide what to do about them.


Conclusion


We live in turbulent times where budgets are tight and threats are real. Your business depends on your reputation, which is bound to the quality of your website or online services. Your company depends on your IT systems to remain productive and profitable. Getting started can be the hardest part, and there are some simple steps you can take to lower your risks. You can always be more prepared, but the most important step to take is the first one.

Has your organization experienced a software disaster? Tell us about it by commenting below!
