Application
This unit describes the skills and knowledge required to implement procedures that identify, analyse, evaluate and monitor risks involving information and communications technology (ICT) systems and technology. This includes the development and management of contingency plans.
It applies to individuals who provide high level technical skills and knowledge, and systematic approaches to manage risk in ICT systems.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Establish risk context | 1.1 Review and document organisational and technical environment 1.2 Establish and document risk boundaries according to business operating and strategic environment |
2. Identify risk factors | 2.1 Develop or acquire a measurement scale for project risk, which includes importance, complexity, time and resources required 2.2 Identify project risks based on the measurement scale developed and document according to business requirements 2.3 Identify business impact of changes and document according to current and future business directions |
3. Implement contingency plans | 3.1 Classify each risk and create contingency plans that address how the risk will be monitored and overcome, if possible 3.2 Identify measurable benchmarks to track the treatment of risks to the new system 3.3 Identify risk management intervention points according to benchmarked performance tolerances 3.4 Demonstrate use of phased implementation and piloting to reduce risk factors |
4. Monitor, update and report risk profile | 4.1 Conduct regular risk updates to add new risks and remove old ones 4.2 Update contingency plans when appropriate to incorporate new information 4.3 Conduct risk reviews at major project milestones and document outcomes 4.4 Establish feedback processes to provide warning of potential new risks according to business requirements |
Evidence of Performance
Evidence of the ability to:
identify and document where risk occurs
develop and implement measures to mitigate or obviate risk
set up procedures for regular risk management
monitor, review and report risk profile
Note: Evidence must be provided for at least TWO information and communications technology (ICT) environments.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
analyse and discuss risk management strategies and issues
outline key features of regulation, standards and codes of practice relevant to risk management including:
ethics
copyright and intellectual property
privacy legislation
identify and describe guidelines required for updating technology
describe the business supply chain for the ICT industry
summarise user analysis and the client relationship management (CRM) systems
describe business process design principles in relation to risk management.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work and include access to:
special purpose tools, equipment and materials
industry software packages
analysis software
business website
networks
requirements documentation
risk management plan
site server
site server software
software applications
updated or new technology
user analysis
web servers.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1 | Compares and contrasts complex technical information and numerical data from different sources to determine requirements and complete necessary actions |
Writing | 1.1, 1.2, 2.1-2.3, 3.1, 4.2, 4.3 | Develops material using specific and technical language, and organises content in a manner that supports the purpose of the document |
Oral Communication | 4.1, 4.3, 4.4 | Obtains information by listening and questioning, and participates in verbal exchanges with stakeholders using clear and accurate language to express requirements and present information |
Numeracy | 2.1-2.3, 3.2, 3.3, 4.2 | Uses mathematical equations to calculate and compare numerical data against benchmarks to determine required actions Creates or uses measurement scales to rate and prioritise risk |
Interact with others | 4.1, 4.3, 4.4 | Selects and uses appropriate conventions and protocols when communicating with stakeholders in a range of work contexts |
Get the work done | 1.1, 1.2, 2.1-2.3, 3.1-3.4, 4.1-4.4 | Takes responsibility for planning, sequencing and prioritising tasks and own workload for efficiency and effective outcomes Uses formal analytical thinking techniques for identifying issues and generating possible solutions, seeking input from others as required |
Sectors
Systems administration and support