Risk Management Services, part of Enterprise Security and Risk Management Office, supports the State CIO in the performance of duties and responsibilities associated with: information technology risk management, continuity of operations/continuity of government as it relates to information technology, and internal audits/assessments of information technology infrastructure. The Risk Management Team offers services designed to identify and provide guidance on potential events which may impact the delivery of information technology services and provides management with reasonable assurance that entity objectives are being achieved. The team works with state agencies, federal and local governments, and private sector businesses as necessary.
Risk Analysis
Assist agencies with the identification of risks by evaluating threats, liabilities, and vulnerabilities.
Provide consultation on risk analysis and evaluation
Consult with agencies on risk mitigation options
Support risk evaluation tools, processes, and procedures
Contribute to the improvement of risk assessments and control objectives
Continuity of Operations Plans (COOP) and IT Business Continuity
Review agency continuity plans for key IT components
Support enterprise disaster recovery software
Ensure compliance with statutory requirements
Provide training to state employees in the area of disaster recovery/business continuity
Internal Audits/Assessments
Coordinate internal audits/assessments
Report findings/recommendations to management
Facilitate external audits
Assist with the coordination agency audits performed on ITS infrastructure
]