The aim of a Risk Management process is to support better decision making through a good understanding of risks and their likely impact on "the business".

Risk Management involves the identification, selection and adoption of countermeasures justified by the identified risks to assets in terms of their potential impact upon services if failure occurs, and the reduction of those risks to an acceptable level.

A pragmatic comprehensive very light weight approach to risk management for services provided by IT and GS, integrated with the service catalog, and supported by the CERN service management system was implemented after approval by IT and GS management.

The concise document that can be found here explains the concepts and implementation in detail. This constitutes a common framework for all service providers at CERN, it's a first step with an aim to create awareness.

A presentation can be found here.

Specific to service management: a high level analysis of risks associated to the service management tool, and service desk have resulted in the following mitigating measures:

• in case of network, electrical power or other problems in building 55 a backup location (connected to the 77777 call center) is provided in building 73, which is close (5 mins walk), and at the same time far enough to benefit from separate connection to network etc..
• the sevice management tool is hosted outside CERN (which means it will continue to work even if CERN is down), and has a 'hot failover' architecture between a Geneva and Zurich computer center.

Both of the above mitigating measures have been tested with success during the the 2.5 years of operation we have behind us; and no significant service interruptions have been experienced in spite of multiple incidents that triggered the business continuity procedure.