UKOLN Cultural Heritage Documents » Risk Management http://blogs.ukoln.ac.uk/cultural-heritage-documents A commentable and syndicable version of UKOLN's cultural heritage briefing documents Fri, 17 Sep 2010 09:32:22 +0000 en-US hourly 1 http://wordpress.org/?v=3.5.2 Risk Assessment for Use of Third Party Web 2.0 Services http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/risk-assessment-for-use-of-third-party-web-2-0-services/ http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/risk-assessment-for-use-of-third-party-web-2-0-services/#comments Thu, 02 Sep 2010 13:40:01 +0000 Brian Kelly http://culturalheritagedocs.wordpress.com/?p=217 Background

This briefing document provides advice for Web authors, developers and policy makers who are considering making use of Web 2.0 services which are hosted by external third party services. The document describes an approach to risk assessment and risk management which can allow the benefits of such services to be exploited, whilst minimising the risks and dangers of using such services.

Note that other examples of advice are also available [1] [2].

About Web 2.0 Services

This document covers use of third party Web services which can be used to provide additional functionality or services without requiring software to be installed locally. Such services include:

  • Search facilities, such as Google University Search and Atomz.
  • Social bookmarking services, such as del.icio.us.
  • Wiki services, such as WetPaint.
  • Usage analysis services, such Google Analytics and SiteMeter.
  • Chat services such as Gabbly and ToxBox.

Advantages and Disadvantages

Advantages of using such services include:

  • May not require scarce technical effort.
  • Facilitates experimentation and testing.
  • Enables a diversity of approaches to be taken.

Possible disadvantages of using such services include:

  • Potential security and legal concerns e.g. copyright, data protection, etc.
  • Potential for data loss or misuse.
  • Reliance on third parties with whom there may be no contractual agreements.

Risk Management and Web 2.0

Examples of risks and risk management approaches are given below.

Risk Assessment Management
Loss of service (e.g. company becomes bankrupt, closed down, …) Implications if service becomes unavailable.
Likelihood of service unavailability.
Use for non-mission critical services.
Have alternatives readily available.
Use trusted services.
Data loss Likelihood of data loss.
Lack of export capabilities.
Evaluation of service.
Non-critical use.
Testing of export.
Performance problems.
Unreliability of service.
Slow performance Testing.
Non-critical use.
Lack of interoperability. Likelihood of application lock-in.
Loss of integration and reuse of data.
Evaluation of integration and export capabilities.
Format changes New formats may not be stable. Plan for migration or use on a small-scale.
User issues User views on services. Gain feedback.

Note that in addition to risk assessment of Web 2.0 services, there is also a need to assess the risks of failing to provide such services.

Example of a Risk Management Approach

A risk management approach [3] was taken to use of various Web 2.0 services on the Institutional Web Management Workshop 2009 Web site.

Use of established services:
Google and Google Analytics are used to provide searching and usage reports.
Alternatives available:
Web server log files can still be analysed if the hosted usage analysis services become unavailable.
Management of services:
Interfaces to various services were managed to allow them to be easily changed or withdrawn.
User Engagement:
Users are warned of possible dangers and invited to engage in a pilot study.
Learning:
Learning may be regarded as the aim, not provision of long term service.

<!–

Agreements:
An agreement has been made for the hosting of a Chatbot service.

–>

References

  1. Checklist for assessing third-party IT services, University of Oxford,
    <http://www.oucs.ox.ac.uk/internal/3rdparty/checklist.xml>
  2. Guidelines for Using External Services, University of Edinburgh,
    <https://www.wiki.ed.ac.uk/download/attachments/8716376/GuidelinesForUsingExternalWeb2.0Services-20080801.pdf?version=1>
  3. Risk Assessment, IWMW 2006, UKOLN,
    <http://iwmw.ukoln.ac.uk/iwmw2009/risk-assessment/>
]]>
http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/risk-assessment-for-use-of-third-party-web-2-0-services/feed/ 0
Using the Risks and Opportunities Framework http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/using-the-risks-and-opportunities-framework/ http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/using-the-risks-and-opportunities-framework/#comments Thu, 02 Sep 2010 13:33:42 +0000 Brian Kelly http://culturalheritagedocs.wordpress.com/?p=212 Introduction

A Risks and Opportunities Framework for exploiting the potential of innovation such as the Social Web has been developed by UKOLN [1]. This approach has been summarised in a briefing document [2] [2]. This briefing document provides further information on the processes which can be used to implement the framework.

The Risks and Opportunities Frame

Figure 1: The risks frameworkThe Risks and Opportunities Framework aims to facilitate discussions and decision-making when use of innovative services is being considered.

As illustrated, a number of factors should be addressed in the planning processes for the use of innovative new services, such as use of the Social Web. Further information on these areas is given in [2].

Critical Friends

A ‘Critical Friends’ approach to addressing potential problems and concerns in the development of innovative services is being used to JISC to support its funding calls. As described on the Critical Friends Web site [3]:

The Critical Friend is a powerful idea, perhaps because it contains an inherent tension. Friends bring a high degree of unconditional positive regard. Critics are, at first sight at least, conditional, negative and intolerant of failure.

Perhaps the critical friend comes closest to what might be regarded as ‘true friendship’ – a successful marrying of unconditional support and unconditional critique.

The Critical Friends Web site provides a set of Effective Practice Guidelines [4] for Critical Friends, Programme Sponsors and Project Teams.

A successful Critical Friends approach will ensure that concerns are raised and addressed in an open, neutral and non-confrontational way.

Risk Management and Minimisation

It is important to acknowledge that there may be risks associated with the deployment of new services and to understand what those risks might be. As well as assessing the likelihood of the risks occurring and the significance of such risks there will be a need to identify ways in which such risks can be managed and minimised.

It should b noted that risk management approaches might include education, training and staff development as well technical development. It should also be recognised that if may be felt that risks are sometimes worth taking.

Gathering Evidence

The decision-making process can be helped if it is informed by evidence. Use of the Risks and Opportunities Framework is based on documentation of intended uses of the new service, perceived risks and benefits, costs and resource implications and approaches for risk minimisation. Where possible the information provided in the documentation should be linked to accompanying evidence.

In a rapidly changing technical environment with changing user needs and expectations there will be a need to periodically revisit evidence in order to ensure that significant changes have not taken place which may influence decisions which have been made.

Using The Framework

A template for use of the framework is summarised below:

Area Summary Evidence
Intended Use Specific examples of the intended use of the service. Examples of similar uses by one’s peers.
Benefits Description of the benefits for the various stakeholders. Evidence of benefits observed in related uses.
Risks Description of the risks for the various stakeholders. Evidence of risks entailed in related uses.
Missed Opportunities Description of the risks in not providing the service. Evidence of risks entailed by peers who failed to innovate.
Costs Description of the costs for the various stakeholders. Evidence of costs encountered by one’s peers.
Risk Minimisation Description of the costs for the various stakeholders. Evidence of risk minimisation approaches taken by others.

References

  1. Time To Stop Doing and Start Thinking: A Framework For Exploiting Web 2.0 Services, Kelly, B., Museums and the Web 2009: Proceedings,
    <http://www.ukoln.ac.uk/web-focus/papers/mw-2009/>
  2. A Risks and Opportunities Framework for the Social Web, UKOLN Cultural Heritage briefing document no. 67,
    <http://www.ukoln.ac.uk/cultural-heritage/documents/briefing-67/>
  3. Critical Friends Network,
    <http://www.critical-friends.org/>
  4. Guidelines for Effective Practice, Critical Friends Network,
    <http://www.critical-friends.org/daedalus/cfpublic.nsf/guidelines?openform>
]]>
http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/using-the-risks-and-opportunities-framework/feed/ 0
A Risks and Opportunities Framework For The Social Web http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/a-risks-and-opportunities-framework-for-the-social-web/ http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/a-risks-and-opportunities-framework-for-the-social-web/#comments Thu, 02 Sep 2010 13:31:00 +0000 Brian Kelly http://culturalheritagedocs.wordpress.com/?p=210 Introduction

In today’s environment of rapid technological innovation and changing user expectations coupled with financial pressures it is no longer possible for cultural heritage organisations to develop networked services without being prepared to take some risks [1]. The challenge is how to assess such risks prior to making policy decision as to whether the organisation is willing to take such risks.

This briefing document described a framework which aims to support the decision-making process in the content of possible use of the Social Web.

Assessing Risks

Risks should be assessed within the context of use. This context will include the intended purpose of the service, the benefits which the new service are perceived to bring to the various stakeholders and the costs and other resource implications of the deployment and use of the service.

Assessing Missed Opportunities

In addition to assessing the risks of use of a new service there is also a need to assess the risk of not using the new service – the missed opportunity costs. Failing to exploit a Social Web service could result in a loss of a user community or a failure to engage with new potential users. It may be the risks of failing to innovate could be greater than the risks of doing nothing.

Risk Management and Minimisation

It is important to acknowledge that there may be risks associated with the deployment of new services and to understand what those risks might be. As well as assessing the likelihood of the risks occurring and the significance of such risks there will be a need to identify ways in which such risks can be managed and minimised.

It should b noted that risk management approaches might include education, training and staff development as well technical development. It should also be recognised that if may be felt that risks are sometimes worth taking.

The Risks and Opportunities Framework

The Risks and Opportunities Framework was first described in a paper on “Time To Stop Doing and Start Thinking: A Framework For Exploiting Web 2.0 Services” presented at the Museums and the Web 2009 conference [2] and further described at [3].

Figure 1: The risks frameworkThis framework aims to facilitate discussions and decision-making when use of Social Web service is being considered.

The components of the framework are:

Intended use
Rather than talking about services in an abstract context (“shall we have a Facebook page“) specific details of the intended use should be provided.
Perceived benefits
A summary of the perceived benefits which use of the Social Web service are expected to provide should be documented.
Perceived risks
The perceived risks which use of the Social Web service may entail should be documented.
Missed opportunities
A summary of the missed opportunities and benefits which a failure to make use of the Social Web service should be documented.
Costs
A summary of the costs and other resource implications of use of the service should be documented.
Risk minimisation
Once the risks have been identified and discussed approaches to risk minimisation should be documented.
Evidence base
Evidence which back up assertions made in use of the framework.

References

  1. Risk Management InfoKit, JISC infoNET,
    <http://www.jiscinfonet.ac.uk/InfoKits/risk-management>
  2. Time To Stop Doing and Start Thinking: A Framework For Exploiting Web 2.0 Services, Kelly, B., Museums and the Web 2009: Proceedings,
    <http://www.ukoln.ac.uk/web-focus/papers/mw-2009/>
  3. Further Developments of a Risks and Opportunities Framework, Kelly, B., UK Web Focus blog, 16 April 2009,
    <http://ukwebfocus.wordpress.com/2009/04/16/further-developments-of-a-risks-and-opportunities-framework/>
]]>
http://blogs.ukoln.ac.uk/cultural-heritage-documents/2010/09/02/a-risks-and-opportunities-framework-for-the-social-web/feed/ 0