What are your risk management strategies?

We are a small business in the field of web development, and as a result, we also want to release web applications. We are currently conducting a risk assessment and would like to know what other companies are doing to ensure safety and manage risks. What are your risk management strategies and practices, technical and others?

Here is what I have so far (and I will save the list):

Technical

  • Source control
  • Module testing
  • Harmonized coding standards
  • Backups at different physical locations
  • Bug tracking
  • QA check
  • Security audit

Other

  • Explicitly detailed contracts
  • Business insurance
  • Evidence-based planning
  • Weekly results and off subscription client
  • Reporting Tracking Audit
+4
5 answers

At a more abstract level:

Keep a list of risks with all the possible risks that you can think of, be they big or small, probable or unbelievable. Refresh or at least double-check this list every few weeks. It can be as tangible as a “hard drive failure on the main server” or as intangible as “a competitor launches its product first”.

Then, for each risk, evaluate the impact and likelihood on some scale (this can be quite arbitrary). The real risk will be somewhat proportional to the product of both. I.e., a high potential cost with a very low probability is not as bad as an average cost with a high probability. These numbers are just there to help you figure out the risk; don't take them seriously.

Next, for each risk, think about mitigating measures that you can take, be it countermeasures, insurance, whatever. Again, indicate the value of these (not in cash value!).

Only now can you really decide what (and if at all) to do with every risk. Just accepting risk may be an acceptable decision at this stage, but not before.

You might want to read Waltzing with Bears: Risk Management on Software Projects by Tom DeMarco and Timothy Lister. Good time.

+2

Step 0 - identify and implement a POC project for all high-risk technical problems.

Weekly results with customer acceptance (even if it's just an artificial customer).

+2
  • A good project management plan (i.e. SOW, collection of requirements, as-is, model, future model, etc.).
  • During backups, there is a great risk of a management step that many people / companies do not accept considering their process for backups. I have seen too many cases where the backup process (inserting tapes, scheduling, deleting tapes, moving tapes off-site, etc.) was too easy to break.
+1

You have included one item about infrastructure.

  • Backups in different physical places

I recommend expanding this to include data protection.

  • Hardware that protects against power loss (battery or mechanical power)
  • Hardware and software that supports ready-made access to your code and creates

Failure and loss of your data interrupts the encoding stream, and restoring from a backup takes much more time than never losing it.

+1

Even with a small company, I feel that “ownership” and “responsibility” are key. If you have many community projects, then who will answer if this is bad? Obviously, this is something that should develop with the company, and being too strict on the hierarchy leads to strangled teams. But you need to think about the kind of team dynamics that you want to create and support in your company.

0
