UK Web Focus (Brian Kelly)

Innovation and best practices for the Web

  • Email Subscription (Feedburner)

  • Twitter

    Posts on this blog cover ideas often discussed on Twitter. Feel free to follow @briankelly.

    Brian Kelly on Twitter Counter

  • Syndicate This Page

    RSS Feed for this page


    Creative Commons License
    This work is licensed under a Creative Commons Attribution 2.0 UK: England & Wales License. As described in a blog post this licence applies to textual content published by the author and (unless stated otherwise) guest bloggers. Also note that on 24 October 2011 the licence was changed from CC-BY-SA to CC-BY. Comments posted on this blog will also be deemed to have been published with this licence. Please note though, that images and other resources embedded in the blog may not be covered by this licence.

    Contact Details

    Brian's email address is You can also follow him on Twitter using the ID briankelly. Also note that the @ukwebfocus Twitter ID provides automated alerts of new blog posts.

  • Contact Details

    My LinkedIn profile provides details of my professional activities.

    View Brian Kelly's profile on LinkedIn

    Also see my profile.

  • Top Posts & Pages

  • Privacy


    This blog is hosted by which uses Google Analytics (which makes use of 'cookie' technologies) to provide the blog owner with information on usage of this blog.

    Other Privacy Issues

    If you wish to make a comment on this blog you must provide an email address. This is required in order to minimise comment spamming. The email address will not be made public.

Risk Management – the JISC infoNET Perspective

Posted by Brian Kelly on 20 Jan 2009

I’ve previously written about the need to adopt a risk management approach to the use of Web 2.0 services. This was something I started doing back in 2006, when I wrote a risk assessment page which covered use of a variety of Web 2.0 services which were used to support the IWMW 2006 event.

I’ve an interest in further developing a framework for the effective exploitation of Web 2.0 service and clearly the risks management approach should form an important part of such a framework. So I found it very useful to read  the JISC infoNET Risk Management infoKit.

As pointed out in the introduction to this document “In education, as in any other environment, you can’t decide not to take risks: that simply isn’t an option in today’s world. All of us take risks and it’s a question of which risks we take“.

So we can’t avoid risk-taking. And yet the document suggests that public-sector organisations – which will include the educational sector – tend to be very risk averse, as shown in the spectrum of attitudes to risk-taking:

There is therefore a challenge which we need to face, especially if we are seeking to be innovative. And an important aspect of this challenge will be cultural change. Now many of the early adopters of Web innovations might feel that this view of being risk adverse isn’t applicable to them. But my interest is in mainstream adoption of innovative services and this  requires a willingness to take risks associated with changes.  And the document provides examples of people who are likely to be adverse stakeholders:

  • People who fear loss of their jobs
  • People who will require re-training
  • People who may be moved to a different department/team
  • People who may be required to commit resources to the project
  • People who fear loss of control over a function or resources
  • People who will have to do their job in a different way
  • People who will have to carry out new or additional functions
  • People who will have to use a new technology

So what should the early adopters and developers do if they wish to see innovations which they feel will benefit the organisation be adopted more widely? As the document points outAt the risk of labouring a very obvious point you don’t create risks by identifying them. You are simply revealing them so that you can do something about them”.  So one thing we should be doing is being open about risks and failures (as I have done recently in describing the failure of Squirl and Pownce). But we should also be open about the failures of in-house developments and project work, too.

The JISC infoNET infoKit goes on to list five stages in its approach to risk management: risk identification; qualitative risk analysis; quantative risk analysis; risk response planning and risk monitoring and control. In further blog posts I intend to further explore approaches to risk management in a Web 2.0 context. I’d be interested to hear if anyone else is taking a similar approach within their institution.

One Response to “Risk Management – the JISC infoNET Perspective”

  1. PM Hut said

    For some reason the image (on risks) isn’t showing properly.

    A quick note on the risks in the public sector. The thing is with public sector projects, a lot of the risks that affect normal, private sector projects, do not exist. Almost all risks affecting the budget and the delivery time are meaningless in the public sector (as more time and money can always be accommodated).

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: