Operational Risk is defined as, "[T]he risk of loss resulting from inadequate or failed internal processes, people and systems or from external events [i.e., fires, storms, earthquakes, etc.]" Op Risk includes such disciplines as information security, business continuity planning ("BCP"), records management and operational controls. It spans such legal/regulatory areas as Basel II, the Gramm-Leach-Bliley Act, HIPAA and SOX 404.
This site is founded on the principle that Information Security, BCP and the other disciplines within Op Risk must be treated as parts of a greater whole and not as stand alone specialties. Each of these fields focuses on controls to minimize "the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events" and to ensure the Confidentiality, Integrity and Availability of Information. The calculation of risk within each of the disciplines is a function of Impact and Probability. By focusing on these common, fundamental principles we can facilitate a greater consistency and efficiency in dealing with risk within the organization.