A Resilience Engineering Approach for the Risk Assessment of IT Services

Abstract

Nowadays, services related to IT technologies have assumed paramount importance in most sectors, creating complex systems involving different stakeholders. Such systems are subject to unpredictable risks that differ from what is usually expected and cannot be properly managed using traditional risk assessment approaches. Consequently, ensuring their reliability represents a critical task for companies, which need to adopt resilience engineering tools to reduce the occurrence of failures and malfunctions. With this goal in mind, the current study proposes a risk assessment procedure for cloud migration processes that integrates the application of the Functional Resonance Analysis Method (FRAM) with tools aimed at defining specific performance requirements for the suppliers of this service. In particular, the Critical-To-Quality (CTQ) method was used to define the quality drivers of the IT platform customers, while technical standards were applied to define requirements for a security management system, including aspects relevant to the supply chain. Such an approach was verified by means of its application to a real-life case study, which concerns the analysis of the risks inherent to the supply chain related to cloud migration. The results achieved can contribute to augmenting knowledge in the field of IT systems’ risk assessment, providing a base for further research.