Developing a Risk Management Process and a Risk Taxonomy for Medium-sized IT Solution Providers

To differentiate from competitors, some organizations are transforming their business models from offering single products or services to providing IT solutions. In an IT solution, the provider and the customer co-operate in integrat-ing hardware, software and service components to fulfil customer-specific needs. The new business model, however, presents new risks, for example, those engendered by operating the IT solution on behalf of the customer and by in-tegrating modules from third-party providers. Also IT solution providers need to support the whole lifecycle from planning to end-of-life, and account for customer-specific risk profiles. It is therefore important that IT solution pro-viders understand these additional risks, and that they adapt their risk management processes to account for and mitigate these risks. In this paper, we present the results of a design science research project conducted in a medium-sized IT solution pro-vider. We developed two artifacts. First, we developed a risk management process that could be generalized to IT solution providers of similar size. Second, we derived a taxonomy of IT solution risks to drive the risk management process. We describe process how the organization under study transformed its risk management processes and dis-cuss implications for other medium-sized IT solution providers.     «

To differentiate from competitors, some organizations are transforming their business models from offering single products or services to providing IT solutions. In an IT solution, the provider and the customer co-operate in integrat-ing hardware, software and service components to fulfil customer-specific needs. The new business model, however, presents new risks, for example, those engendered by operating the IT solution on behalf of the customer and by in-tegrating modules from third-party pr...     »