Now that you've analyzed the risks inherent to your project and come up with a plan to tackle them, it's time to put your risk management plan into practice. In this concluding article, examine the processes of implementing, monitoring and auditing a software risk management plan, together with a case study that demonstrates how it works in the real world.
Risk planning is about writing down the strategies for taking corrective action against each identified risk. The risk factors chart created in the previous phase serves as the input to this activity.
When planning for risk, the following steps come in handy:
1. Prepare a containment plan and a contingency plan: A containment plan lets you decide the right time to take action against a risk, so as both to reduce the probability of its occurrence and to limit the severity of its impact should it occur. A contingency plan specifies the action to be taken once a problem has actually occurred, and is initiated on the basis of specific events or thresholds known as trigger values.
2. Devise clear security policies: It is essential to evaluate the organization's security policies, as they play a crucial role in disaster recovery. Audit the policies from time to time to ensure that they contain no loopholes and still match how the system is actually built and operated.
3. Deploy an Incident Response Team: Clearly assign roles and responsibilities to a team of able personnel who are calm in the face of emergencies. Evaluate their knowledge and confirm their ability to be flexible and respond efficiently to crises. It is essential that the entire team have a sound understanding of the potential risks and threats to the product under development.
4. Create a master risk assessment plan: This plan is an extension of the risk factors chart and contains, in addition to information on each risk and its impact, the containment and contingency measures to be initiated for it. It enables developers and managers to tackle risks better, because they now know both which risks the project faces and how to deal with each one. The plan also serves as a knowledge repository of risks for future reference.