Managing Information Risk

An assessment of progress

Published/updated: February 2007

by Martin Atherton

With organisations being so dependent on the electronic capture, storage and retrieval of increasing amounts of information, how well are they coping with modern-day requirements?


Loss of critical information is the most prominent risk in today’s business environment
When asked to what degree different categories of risk are considered during the business planning process, 715 senior IT managers from across Europe and the Middle East put a loss of business critical information at the top of the list. Whilst regulatory/legal compliance is also important, the key risk item cited acknowledges a broader set of responsibilities pivotal to a company’s ability to meet these critical requirements.

The IT department is stepping up to the mark and taking responsibility
Two thirds of organisations have at least one service level agreement (SLA) in place in relation to data and information protection and availability. However, there is a marked difference between the number of organisations stating they are sensitive to loss or unavailability of data / information somewhere in their organisation (86%), and those which have established any kind of strategy based on SLAs (68%).

Advanced technologies are seen as important to protect centrally held data and information
While traditional approaches like storage device mirroring, high-speed tape backup and disk to disk backup remain important, the view is that advanced technologies such as continuous data protection solutions and smart distributed data replication have a key role to play, as they reflect the emerging data management requirements for systems residing both in the data centre and further afield.

Yet significant risks exist with distributed information that is sometimes beyond IT control
Over 60% say that proliferation of data across different locations, machines and devices makes managing backup and recovery a challenge. The average level of confidence in the safety of critical data distributed in this way is under 70%. Incomplete audit trails, the accidental discarding of critical data, and the release of information without the necessary authority are cited as fragmentation related issues, which have clear compliance and business management implications. Technology can help with some of these challenges, but only if deployed as part of a broader strategic imperative which combines business leadership, personnel training and flexible processes and policies.

Opportunities exist to boost ROI through a smarter and more coordinated approach
While many organisations have been investing in solutions such as email archiving, workflow, records management and search technologies, the evidence suggests that most deployments have only solved compliance "check box" requirements, and have generally failed to deliver value beyond this. Such results are symptomatic of information management investments being defined too narrowly in the past, suggesting the need for a broader-based approach looking forward.

This report is free of charge. Click above to download the PDF or view the interactive e-document.

If you experience any problems during this process please contact us at; or call +44 (0)1425 626501 / 620008

Featured Content