...
Risk Nbr | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Client Data Breach | A data breach may occur in one of our client’s software environments which may result in exposure of critical information. |
|
| |||||||||||
2 | Staff Breach | A staff member may expose critical data from a client’s software environment which could then be published. |
| ||||||||||||
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops) which could result in loss of critical information to perform our duties. |
| ||||||||||||
4 | Software Failures | ||||||||||||||
5 | Employee Fraud | ||||||||||||||
6 | Employee Injury | ||||||||||||||
7 | Natural Disaster | ||||||||||||||
8 | Software Development Standard Breach | ||||||||||||||
9 | Physical Security Breach | ||||||||||||||
10 | Contractural Relations Breach | ||||||||||||||
11 | Damage caused by Third Party | ||||||||||||||
12 | Malicious Code | ||||||||||||||
13 | Equipment Theft | ||||||||||||||
14 | Sensitive Data Threat | ||||||||||||||
15 | Security Information System Failure |
|
We have used the following matrix to determine the severity of a stated risk:
Risk Likelihood | Risk Impact Level | Risk Severity |
|---|---|---|