mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-11 04:48:42 +00:00
6.6 KiB
6.6 KiB
Support & Service Risk Control Matrix
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CTO | Operational Risk (Support & Service) | No legal basis for accessing customer data during customer support & service. | 1 | 1 | Daily | Preventing (Manual) | Every customer must sign the Customer Data Protection Policy before they can receive support & service | 1 | 1 | yes | yes | ||||
| 2 | CTO | Operational Risk (Support & Service) | No legal protection regarding liabilities and responsibilities during customer support & service. | 1 | 1 | Daily | Preventing (Manual) | Every customer must sign the Customer Service Agreement before they can receive support & service | 1 | 1 | yes | yes | ||||
| 3 | CTO | Operational Risk (Support & Service) | Unauthorized people make support & service requests. | 1 | 1 | Many times a day | Preventing (Manual) | Only authorized are allowed to do support & service requests | 1 | 1 | yes | yes | ||||
| 4a | CTO | Operational Risk (Support & Service) | Not well defined goals and tasks resulting in miscommunication, high costs and unmet expectations. | 1 | 1 | Many times a day | Preventing (Manual) | Define goals, tasks, specifications and costs in writing in an offer. | 1 | 1 | yes | yes | ||||
| 4b | CTO | Operational Risk (Support & Service) | The goals, tasks, specifications and costs are estimated with significant deviations. | 1 | 1 | Many times a day | Preventing (Manual) | Only personnel with sufficient experience is allowed to make these estimations | 1 | 1 | yes | yes | ||||
| 5 | CTO | Operational Risk (Support & Service) | The customer disputes the provided service. | 1 | 1 | Many times a day | Preventing (Manual) | The customer must approve the offer in writing. | 1 | 1 | yes | yes | ||||
| 6 | CTO | Operational Risk (Support & Service) | Environment setup & configuration by inexperienced employees | 1 | 1 | Daily | Preventing (Manual) | Only employees with sufficient experience are allowed to perform the environment setup & configuration. | 1 | 1 | yes | yes | ||||
| 7 | CTO | Operational Risk (Support & Service) | The customer disputes the provided service. | 1 | 1 | Many times a day | Preventing (Manual) | Software setup & configuration is only allowed together with the customer. | 1 | 1 | yes | yes | ||||
| 8 | CTO | Operational Risk (Support & Service) | Installation of unapproved software on the customer server causing issues. | 1 | 1 | Many times a day | Preventing (Manual) | Only approved software is allowed to get installed on the customer servers | 1 | 1 | yes | yes | ||||
| 9 | CTO | Operational Risk (Support & Service) | Bad, risky or faulty software gets approved for the installation at customers. | 1 | 1 | Quarterly | Preventing (Manual) | Only the CTO is allowed to approve software to be installed on customer hardware after testing. | 1 | 1 | yes | yes | ||||
| 10 | CTO | Operational Risk (Support & Service) | Insufficient hardware resources for the application | 1 | 1 | Daily | Preventing (Manual) | Tested system requirements are provided for the customers. | 1 | 1 | yes | yes | ||||
| 11 | CTO | Operational Risk (Support & Service) | Leaking customer data incl. server login names and passwords. | 1 | 1 | Daily | Preventing (Manual) | No customer data incl. server login names or passwords are stored on the organization side. | 1 | 1 | yes | yes | ||||
| 12 | CTO | Operational Risk (Support & Service) | Not all necessary steps are executed during the application setup or faulty. | 1 | 1 | Daily | Preventing (Manual) | A Application Install Checklist is provided which has to be used during the install process. | 1 | 1 | yes | yes | ||||
| 13 | CTO | Operational Risk (Support & Service) | The trainings don't cover important aspects. | 1 | 1 | Daily | Preventing (Manual) | Trainings must be held according to the Training Manuals defined by the CTO. | 1 | 1 | yes | yes | ||||
| 14 | CTO | Operational Risk (Support & Service) | The maintenance doesn't cover important aspects. | 1 | 1 | Daily | Preventing (Manual) | Maintenance must be performed according to the Maintenance Checklist defined by the CTO. | 1 | 1 | yes | yes | ||||
| 15 | HOCS | Operational Risk (Support & Service) | Support requests from customers are handled by people who don't have the necessary skills or experiences. | 1 | 1 | Preventing (Manual) | Support requests are assigned according to experiences and skillsets by team leaders, senior employees or the HOCS. | 1 | 1 | yes | yes | |||||
| 16 | CTO | Operational Risk (Support & Service) | The provided support is not satisfactory for the customers. | 1 | 1 | Revealing (Manual) | Customers have the option to provide feedback after every closed support request. | 1 | 1 | yes | yes |
Abbreviations
-
R: Responsible
-
L: Likelihood (1-5)
-
C: Consequence (1-5)
-
L*/C*: Likelihood and Consequence after mitigation
-
F: Frequency (many times a day, daily, weekly, monthly, annually)
-
ES: Effective
-
EY: Efficient
2022-01-01 - Version 1.0