Enterprise Risk Management Services

Service Description

Risk Management Services, part of the Enterprise Security and Risk Management Office (ESRMO), supports the State CIO in the performance of duties and responsibilities associated with information technology risk management, continuity of operations/continuity of government, and assessments as they relate to information technology. The Risk Management team offers business continuity management and risk advisory services designed to identify and provide guidance on potential events that may impact the delivery of information technology services and provides managers with reasonable assurance that IT service objectives are being achieved. We work with State agencies, federal and local governments, and private businesses and non-profits as necessary.

In cooperation with the Department of Public Safety, the Risk Management Services team assists State agencies in developing their business continuity and disaster recovery plans with respect to information technology, as prescribed by N.C.G.S ยง 143B-1331 and other legal and regulatory requirements. We review agency plans annually and evaluate them based on the Statewide Information Security Policy Manual, other legal and regulatory requirements, and best practices. Assistance and consultation regarding the use of Business Impact Analysis (BIA) and Living Disaster Recovery Planning System (LDRPS) software are also provided.

LDRPS is a SunGard Availability Services product and is provided to executive branch agencies for the purpose of creating and maintaining their Business Continuity Plans. Free online LDRPS training is available for Business Continuity Management representatives. Additional services include policy development, education and training, business continuity/disaster recovery plan consultation, and special projects.

Hours of Availability

  • Services are available from 9:00 a.m. to 5:00 p.m., Monday through Friday, except for holidays.
  • After hours availability is provided as needed.

Customer Responsibilities

Risk Management
  • Comply with State Risk Management policies and standards.
  • Read and follow the DIT Risk Management Guide.
  • Prepare a pre-risk assessment form.
  • Provide application/business process criteria for risk assessments.
  • Participate in risk analysis and mitigation planning.
  • Identify line of business, business process owner, and participants.
Business Continuity and Disaster Recovery Plans
  • Update the Business Continuity and Disaster Recovery Plan (BC/DR) periodically.
  • Identify agency contact for Business Continuity Management (BCM) issues.
  • Attend training and awareness events.
  • Comply with State BCM policies and standards.
  • Submit IT BC/DR Plan annually to the State Chief Information Officer.
  • Attend Business Continuity/Disaster Recovery and Continuity of Operations (COOP) Steering Committee meetings.
  • Notify Risk Management Services of Business Continuity Plan (BCP) and Continuity of Operations Planning (COOP) personnel changes.

How Do We Charge?

Currently, the Enterprise Security and Risk Management Office (ESRMO) does not charge for this service.

Request Any Service

Contact Our Service Desk:
Phone: 919-754-6000 or 1-800-722-3946
Email: dit.incidents@its.nc.gov