iso27diy-corp/Corpus/Various/Assessing reputational risks.md

From a LinkedIn post by Mads Bundgaard Nielsen

1. Perform a Stakeholder analysis, mapping them on two dimensions: a) Strategic importance: Stakeholder can influence path to strategic objectives
   b) Incident sensitivity: Negative reaction is influenced by your incidents.

   • Note the important and sensitive stakeholders.

2. Identify events that can impact your reputation with important stakeholders: breach, service disruption, delays, budget exceedance, ransomware, fraud, etc. - Bear in mind: Not all event types evoke the same reaction from the same stakeholder.

3. List the possible impact from negative reactions (see notes for examples); Ask yourself “what would I see, if my reputation with stakeholder was diminished?”. 1-3 tangible metrics will probably immediately pop up, and if not, its probably not an important stakeholder after all.

4. Identify levers: What actions (preemptive or reactive) are you able to take or plan? Probably only a handful. The good news is that your levers almost certainly mitigate >90% of the negative reputation outcomes.