Risk Management is just about...
Provide our definition of risk management from a RTO/PEI/PTE data security perspective
According to Dell, "Data security is a major problem for any company that has valuable information to protect, and that means most companies these days."
1) Data only needs to be backed up once a month
Because, what are the chances of my data getting corrupted or lost, right?
The lack of emphasis on frequent backups has eroded over time, and the focus has shifted from prevention to cures.
Your data should be backed up at least once a day, especially if you're running a training organisation that handles a substantial number of student records. Most SaaS blogs would recommend backing up your data at least once a month, but that comes with the risk of losing crucial data at any time.
Our customers enjoy daily cloud backups three times daily, and backups are retained for up to 3 months. You can even request offline copies of your backups to keep in your office for an extra layer of security.
2) Cloud-based apps are not affordable.
That's fortunately not true. Compliance Officers or Operations Managers have been trained to find the cheapest solution without considering other elements like Functionality, Reliability, Support, and User Experience.
Here's some good news: most cloud vendors offer subscriptions starting at just $90/month, with the latest and greatest security features available in the market.
That's actually really affordable. Think about it - it's just one or two less expensive meals per month, and budgets from your other subscriptions that aren't really utilised can be channeled into this effort.
3) Data security just means a difficult "secret" password
Wrong. There's really more to it than an odd combination of alphabets, numbers, and symbols.
That's because training providers don't just function as education hubs; they act as guardians of personal and confidential information that their learners have entrusted them with. As training education providers, the goal here is to protect confidential and sensitive information that goes from contact details to disabililty and certification information.
They've certainly gone a long way from pen-and-paper records in locked drawers back in the 80's! Most training providers today use compliant student management software to store their data.
Data security for training providers includes the following key features:
- User Rights
- Audit Trails
- Change History
- Multi-Factor Authentication
The key to this is finding a software provider that allows you to restrict data access from unverified devices or even users.
Standard SaaS packages today should include those security features. If the provider you're considering doesn't have any of the above, chances are you've found the wrong one. Read this post to learn why (link to Application Experience Post)
4) Processes don't have to be consistent
Not at all. On the contrary, keeping processes consistent is one way to achieve two elements of risk management: data accuracy and cost reduction.
It might seem trendy to think "out-of-the-box" and get creative with operational processes, but it's best to proceed with caution. Granting flexibility in the generation of, say, an AVETMISS data export, could lead to inaccuracies and missing information.
5) Risk Management is just about numbers and profit