RISK MANAGEMENT PLAN FOR A UNIVERSITY UNDER FERPA Compliance Laws
TABLE OF CONTENTS
1.1 FERPA Risk Management Plan – a project team has been assembled to identify, analyze and manage the current risks with the universities IT infrastructure. We will outline in this table of contents how the activities will be performed, recorded, and monitored throughout the lifecycle of the project.
2. Risk Management Procedure
2.1 Risk Planning
Goals of the risk management plan
Approach to resolve the risks
2.2 Risk Identification - Risk identification will involve the project team, appropriate stakeholders, and will include an evaluation of environmental factors, organizational culture and the project management plan including the project scope. Careful attention will be given to the project deliverables, assumptions, constraints, WBS, cost/effort estimates, resource plan, and other key project documents.
Inter-office romance gone bad
Downloading e-mail attachments from an unknown source
Unauthorized access to university owned computers
LAN – to – WAN
Service provider outage
Server OS vulnerability
Unauthorized WLAN access
Fire destruction of main server room
Remote access from SOHO
2.3 Risk Assessment - All risks identified will be assessed to identify the range of possible project outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond to and which risks can be ignored.
2.3.1 Qualitative Risk Analysis
The probability and impact of occurrence for each identified risk will be assessed by the project team, with input from the project team using the following approach:
High – Greater than probability of...