C.I.N.E.S. Centre Informatique National de l’Enseignement Supérieur


C.I.N.E.S. Centre Informatique National de l’Enseignement Supérieur

Risks management

Every activity involves risks that if you want to control them must primarily be managed and evaluated. The question is not to eliminate those risks (which is not always possible), but rather to determine the level of acceptable risk and establish the most appropriate solutions.

The activity of long term preservation generates a number of risks that must be properly identified, including those concerning the conservation of archived data.
In computer science, 4 risks are unavoidable if nothing is done:

The risk management fits into this context within the team archiving “PAC”.

The risks identification approach of PAC is based on the methodology DRAMBORA(Audit methodology of electronic archive deposit, based on risks assessment) for which the archivist of the team is formed.
This method is first to analyze in detail the context in which the conserned service evolves: what is its general policy, what are its fonds , its objectives, activities, resources, etc..
This comprehensive study allowed the identification of 38 hazards that may affect the service. They were then evaluated, that is to say that their probability of occurrence in time and their impact have been determined.
Once known dangerousness, one or more plans of action has (have) been established for each risk in order to reduce or eliminate their risk.

This information is grouped in the “Risk Management Plan,” key document for the service and who, for more efficiency, is regularly updated.
The risk management plan was implemented in 2009. It is reviewed every six months.

In this particular work, the involvement of the entire team quickly became primary, both in risks identification than in their assessment and definition of action plans.
Each team member is “owner” of a number of risks, that is to say, he is responsible for monitoring their changes over time, define and implement action plans necessary to reduce their risk.
We decided it was essential to structure the risks between them to better manage them, given their number: the risks are structured or grouped by functional categories or by classes, or by linking them with relationships (The x risk involves the y risk , the action plan of y risk reduces z risk , x and z risks have together an impact multiplied, the action plan of x risk makes less effective the action plan of z risk ).

This work was an opportunity to raise strategic issues: unlike the National Library of France, the preventive treatment of risks have been identified by the CINES as higher priority than curative treatment. Curative treatment are however made in the context of business continuity plan.

More details on risk management on mappingand data sheet for identification and proactive management risks process ..