Managing Risk
The United Nations Archives and Records Management Section has developed this guidance to provide an overview of information risks in the context of records management. It provides a snapshot of information and records risks and proposes potential risk mitigation strategies. This page also provides links to more detailed guidance on risks arising from managing sensitive information, as well as business continuity risks such as the damage or loss of records and information from disasters or major systems failure.
Understanding the information risks of a specific programme through a comprehensive assessment of its records and information management activities, allows offices to plan for their mitigation. A strong records management regime should be one of your primary risk mitigation strategies. A risk-based approach to records and information management has the potential to deliver benefits, ranging from enhancing an Organization’s performance, to improving the strategic use of information.
This guidance is intended for information and programme managers in information technology or substantive areas seeking to reinforce their information management capacity and the accountability framework for their core activities.
Overview of Information and Records Management Risks
- Managing records to manage information risks
- Towards an accountability system in the United Nations Secretariat (A/64/640:Page 22 )
- Presentation on managing information risks in peacekeeping operations
Guidance on Information Security Risks
An important aspect of managing risk is managing information security. Records and information are important assets of the United Nations, and sound procedures for the protection of the information sensitivity and security are critical for the proper management of the Organization’s records. Information sensitivity relates to the level of confidentiality of the information within the United Nations.
The appropriate handling of sensitive information is crucial to the success of the Organization and its operations throughout the world. Information security relates to the protection of the information, including access controls. Information security also ensures that the information is available when needed and that its integrity is maintained, i.e. that it is not altered or inappropriately disclosed.
- Ensuring records are secure
- Understanding information sensitivity
- How do I protect sensitive information?
- How do I ensure records are secure?
Guidance on Business Continuity Risks
- How do I protect records from loss or damage?
- How do I protect records in an emergency?
- How do I know which records are vital?