week 16

K1.16 Types of risk response within a digital infrastructure context:

When risks are identified in a digital infrastructure (e.g. networks, servers, software systems), organisations must decide how to respond. The chosen response depends on the severity, probability, cost, and business impact of the risk.

There are four common types of risk response:

Accept the Risk

Definition:

The organisation chooses to do nothing about the risk because:

• The cost of responding is greater than the cost of the risk

• The impact is low and considered manageable

• It’s not practical to control

Example in Digital Infrastructure:

• A legacy printer may crash once a month but restarting it fixes the issue easily. The business accepts the minor disruption.

Key Point:

You must still monitor the risk, even if it’s accepted.

Avoid the Risk

Definition:

The organisation eliminates the risk entirely by changing plans, tools, or actions.

Example in Digital Infrastructure:

• Instead of building a custom cloud storage solution (which could fail due to lack of expertise), a company uses a trusted third-party cloud provider.

Key Point:

Avoiding risk usually means changing the original scope, technology, or method of a project.

Mitigate the Risk

Definition:

The organisation reduces the chance of the risk happening or minimises the impact if it does.

Example in Digital Infrastructure:

• To mitigate the risk of data loss, automated cloud backups are set up daily.

• To reduce the risk of phishing, staff receive regular cybersecurity training.

Key Point:

Mitigation uses controls, policies, or systems to lower the level of risk.

Transfer the Risk

Definition:

The organisation passes the responsibility for the risk to a third party (usually through a contract).

Example in Digital Infrastructure:

• Cybersecurity insurance is purchased so the company is covered for financial losses due to a breach.

• A managed service provider (MSP) is hired to manage network security and ensure compliance.

Key Point:

Risk is not removed—it’s just handled by someone else, often at a cost.

What is the purpose of a risk assessment and how does it identify and reduces risks through HSE guidelines and different responses to risks: 
Accept. 
Avoid. 
Mitigate. 
Transfer. 

Research health and safety at work guidelines and create a poster that could be used in the workplace.

Last Updated
2025-07-14 10:29:52