• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology Main Logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Contact
  • Home
  • Research
  • Magazine
  • Events
  • Awards
  • Recruitment
  • On Demand
Home / Free Subscriber Access / Effective IT risk management in housing

Effective IT risk management in housing

For many people, the first things that come to mind when thinking about IT risk are cyber security, disaster recovery and GDPR. However, there are many more areas to consider to effectively predict and mitigate issues relating to technology and data security. David Edge, solutions manager at Central Networks and Technologies, shares his thoughts on how to effectively manage IT risk in the housing sector.

ISO27001 is the most well-known international standard for managing information. Many people wrongly believe that it is a rather bureaucratic IT security standard; in fact, it’s a risk-based approach to managing your information assets, most of which happen to be technology-based.

Housing providers hold and share vast amounts of personal data. This can include anything from birth information to health conditions. Tenants’ data is sometimes shared with other organisations and they must protect their privacy in all cases. Policies and procedures must be in place for data storing and sharing, but in a sector that has limited funds and is often under-resourced, some organisations may feel that adhering to standards such as ISO27001 is too difficult or too expensive. However, many of its principles can be adapted to allow for effective IT risk management.

As the standard is risk-based and requires the development of a risk treatment plan, housing providers can take a broad, commercially-focused view on what they need to do to mitigate IT risk.

ISO27001 encourages organisations to think beyond typical IT threats such as viruses, account hacking and fraudulent payment requests or the loss of personal data. Instead, it focuses on the risk of compromising the confidentiality, integrity and availability of an organisation’s information assets.

It also prompts the consideration of a range of assets, and this is the key to IT risk management. IT outages, disruptions and data loss may not come from obvious places so organisations need to be sure that they have covered every aspect of their organisation and possible risks. Let’s look at the core information assets to consider.

People

One of the most significant risks relating to people is IT key person risk. For smaller housing providers with relatively few staff and perhaps older legacy business applications, there are often critical individuals who are the only ones who know how a system works and can be supported, and even larger housing providers can inadvertently fall into this trap. Considering people is also about how they behave, what processes they follow and how you educate them to help reduce IT risk.

Premises

No matter how much you spend on cyber security, a weak point in any IT system is the physical access to buildings, office space and data centres. These assets also need protecting from fire, flood, power outages and other disasters.

Third parties

Most organisations rely on specialists for contributing to their IT capabilities. Some may only supply support, some might host systems or others may process personal data. An organisation must understand who their IT suppliers are, what they do and what contractual protection you have with them.

Hardware

Housing providers need to consider all types of hardware, from mobiles and laptops to servers and storage. Identify what threats there are to any hardware and whether you are effectively mitigating those threats. This will vary from theft (a high risk for mobile devices) to catastrophic failure (a high risk for server equipment).

Data

Possibly the most important part of IT risk is data; where it is stored, how it is structured, processed and transmitted. An assessment of the threats and vulnerabilities associated with your data should form a significant part of your IT risk register.

Intellectual property

Although this is an area that is often overlooked, organisations must protect their identity, processes and their software appropriately.

How do I know if I have considered all IT risks?

This is almost impossible to guarantee but there are ways to help with assessing your IT risks. When you construct your initial risk register, make sure you have brainstormed all of your asset types with your team. You should then consider any threats they face and your vulnerability to those threats. Try to find a list of standard threats and vulnerabilities online – organisations such as Advisera offer ideas to help assure you that you have considered everything.

Housing providers and their environments change, and so do their risk profiles. It’s essential to continuously review your risks and refine them in light of changes to your organisation. Reflect on recent incidents that might have highlighted new risks that you may not have previously considered.

Reducing IT risk

The main approaches needed by organisations when looking at mitigating IT risks are prioritisation, risk acceptance and thinking outside the box. You can’t reduce all risks at once, so developing a prioritised roadmap allows you to reduce the biggest ones immediately and helps make risk reduction commercially feasible.

It’s also important to accept that you simply can’t completely mitigate all your risks. There will always be some risk to accept. Many organisations choose to insure their IT. For example, cyber cover offers you insurance against the cost of recovering from a cyber incident. Once you have identified and graded your risks, your team needs to agree on acceptable risk levels; you can then aim to reduce them to that level or even just monitor risks that already fall below that level.

ISO recommends several options for reducing risk. They include:

  • Technology controls such as end-user device protection, encryption, firewalls, patching and identity management.
  • Physical controls such as ID card and building passes, CCTV, fire suppression and server room controls.
  • Employee education curriculums and delivery tools.
  • IT policies that are clearly communicated and audited, together with a range of procedures which ensure that the policies are adhered too.
  • Supplier management and due diligence controls which ensure that your partners work to your standards.
  • Privacy by design and project risk. Make sure that any of your projects, organisational changes or IT initiatives consider information security and risks.

With such high stakes, housing providers must manage risk effectively. It is important that they continuously review their IT risks and refine them in light of any changes.

Even though some organisations might feel that adhering to ISO27001 is too difficult or expensive, many of its principles can be adapted for effective IT risk management. Housing providers can do this by being agile in their approach, prioritising risks, accepting some risks and developing a risk treatment plan to tackle any potential issues.

David Edge is a solutions manager at Central Network & Technologies.

See More On:

  • Vendor: Central Networks & Technologies
  • Topic: Infrastructure
  • Publication Date: 076 - July 2020
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Artificial intelligence in housing
  • Mobysoft – Data problems affecting complaints’ handling
  • Data, AI and private-sector strategies
  • Smart repairs & smarter homes
  • From firewalls to fortresses
  • Achieving three quick wins in AI
  • Rebuilding Selwood Housing’s IT infrastructure
  • Are you ready for organisational AI?
  • PIMSS releases AI Document Reader for compliance
  • Calico Homes cuts arrears with RentSense
  • FourNet launches digital transformation index
  • New income recovery software from Voicescape
  • Asprey Assets at YMCA
  • I love spreadsheets…
  • All watched over by machines of loving grace – AI assistants and adult social care
  • The rent revolution – The case for AI-powered payments
  • Unlocking safer living through data
  • Aareon acquires MIS ActiveH
  • Vericon launches MouldSense
  • Back to the future at Housing Technology 2025
  • FireAngel wins Which? Award
  • Maximising income and preventing homelessness
  • Anchoring digital innovation with Plentific
  • Cynon Taf Community Housing gets Housing Insight’s Arrears Manager
  • Tenants, AI & your biggest compliance risk
  • EDITOR’S NOTES – Data, standards & straight-through processing
  • AI as a social housing expert
  • South Yorkshire Housing halves arrears with Mobysoft
  • Bromford Flagship wins Aico’s smart-home competition
  • Putting VIVID’s customers in control of their tenancies

Footer

Housing Technology Main Logo
  • Instagram
  • LinkedIn
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2025 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293