

Supporting Scotland's vibrant voluntary sector

Scottish Council for Voluntary Organisations

The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Charity registered in Scotland SC003558. Registered office Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh EH3 6BB.

Remembering risk management as we embrace the “new normal”

Here at SCVO we have been undertaking a period of reflection, now that the initial storm of the Coronavirus has passed. Way back in March (oh, so long ago now) many organisations, just like ours, nimbly adjusted to the new set of circumstances. 84% of charities changed how they delivered services and 42% moved to providing support virtually or by ‘phone.

One of our more recent Digishift calls was a wonderfully reflective one where participants shared their experiences and their joy at how much they had accomplished in an arena that, not so long ago, felt very big and very difficult. Read more about this in Maddie’s blog.

And all of that is great – but now it’s time to take stock and look a little deeper into what was created out of timely necessity, to ensure it is safe, secure and fit for purpose going forward.

The implementation of new technologies back at the start was driven by the need to provide service to users and functionality to employees. Would it be harsh to suggest that, in some cases, making big changes at speed meant that key risks were overlooked?

Let’s consider data security and privacy… We learned a lot about both of these with our GDPR training back in 2018 and they remain as important as ever. Undertaking an impact assessment prior to implementing a new process or system may have been overlooked in the rush to deploy home working and may benefit from a retrofit.

Another area which demands attention is the identification of our critical assets and services. Many organisations adopted Software as a Service (SaaS) at the start of the pandemic. Using products like Microsoft Office 365 provides access and resilience for home users, but it is important to delve deeper into what services you have bought. Don’t make assumptions about backup protocols, for example. One requirement of Data Protection 2018 was that personally identifiable information on an individual should not leave Europe. Have you checked that your cloud service provider is using Europe-based data centres for the storage of the personal information of your stakeholders?

Further on the subject of supply chain – this is a good time to review the stability of the organisations within your supply chain. Look at the organisations you partner with or rely on for goods or services – ask the difficult questions about both data security and business security. Any business is only as good as the weakest link in its supply chain, so try and ensure that yours is as resilient as possible. If you have concerns about a partner, think hard about risk mitigation by identifying a secondary supplier or different way of working.

This sounds like a lot to think about, but help is always at hand. During the pandemic, the team at SCVO have been working hard to produce a number of “How to guides” which cover a whole raft of subjects ranging from the implementation of digital services, to digital inclusion and remote working. My favourite page, the one on cyber resilience, is definitely worth a read!

I think it is reasonable to say that we are all in a very different place from where we were in early March 2020. So much has been gained by embracing digital technology and there is so much more that can be achieved going forward. This is not the time to turn our backs and revert back to pre-Coronavirus “business as usual.” We have entered another phase of “new normal” – let's build on that in a safe, secure and resilient way.

Last modified on 31 August 2020