Defining your risk appetite
How to create simple definitions of risk appetite levels, and then assign these to each of your organization’s projects, services, business units or any other clearly identifiable part of your work.
Blogs that appear below are published on the Optimal Service Management web site.
All blogs published on this site are licensed under CC BY-SA 4.0.
Major incidents and security breaches are different. Learning from experience can turn out to be hugely expensive, or even result in the organization concerned going out of business. So how can you make sure that you handle these incidents correctly first time?
I deliver much better value to some of the organizations that I work with than to others, and I’ve been thinking about why. Here are four tips that will help you to get the best possible value next time you engage a consultant.
At the Service Desk and IT support show, there was a panel discussion titled "Which framework is right for your business". I was pleasantly surprised by the sensible conclusions reached...
I often hear people who work in IT operations complain that DevOps is just about development. If we want DevOps to work for everyone then we shouldn’t wait to be invited to join in and complain when we aren’t. We should actively adopt ideas from DevOps into how we run IT operations and seek out our development colleagues to foster collaboration.
I delivered a presentation on Metrics and measurement at the Service Desk Institute conference in the UK. To my surprise, the most lively discussion topics were more about how well the service desk communicates with end users than about metrics.
If you define an incident as "... interruption to an IT service..." then you're not really focussing on customers. One of my clients has a much more business-focussed definition, and this drives completely different behaviours...
Delivering services isn’t something that is unique to IT. We know good service when we receive it, and so do our customers. If you focus on service levels and processes your customers will never see you as more than an internal cost centre; if you focus on outcomes and customer experience instead then you can become a valued partner.
Many IT organizations think that defining a vision is too abstract, they don’t see the point, and they just want to get on with it. So they jump straight into the important work. The results are as predictable as they are sad. IT staff work very hard, but fail to arrive anywhere helpful, with results that are not nearly as good as they could have been.
Do you think about the outcomes you're trying to achieve with all of your processes? Or do you just try to make the processes work better? Many IT organizations continue to run the same ITSM practices long after they have become outdated, but there is a better way to work...
If you are responsible for security try to be like Goldilocks. Not too much security, not too little, but just right.