...
Risk Nbr | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity | Post-Treatment Assessment | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Client Data Breach | A data breach may occur in one of our client’s software environments which may result in exposure of critical information. |
|
| ||||||||||||||||||||||||||||||||||||
2 | Staff Breach | A staff member may expose critical data from a client’s software environment which could then be published. |
| |||||||||||||||||||||||||||||||||||||
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops) which could result in loss of critical information to perform our duties. |
| |||||||||||||||||||||||||||||||||||||
4 | Software Failures | |||||||||||||||||||||||||||||||||||||||
5 | Employee Fraud | |||||||||||||||||||||||||||||||||||||||
6 | Employee Injury | |||||||||||||||||||||||||||||||||||||||
7 | Natural Disaster | |||||||||||||||||||||||||||||||||||||||
8 | Software Development Standard Breach | |||||||||||||||||||||||||||||||||||||||
9 | Physical Security Breach | |||||||||||||||||||||||||||||||||||||||
10 | Contractural Relations Breach | |||||||||||||||||||||||||||||||||||||||
11 | Damage caused by Third Party | |||||||||||||||||||||||||||||||||||||||
12 | Malicious Code | |||||||||||||||||||||||||||||||||||||||
13 | Equipment Theft | |||||||||||||||||||||||||||||||||||||||
14 | Sensitive Data Threat | |||||||||||||||||||||||||||||||||||||||
15 | Security Information System Failure |
| ||||||||||||||||||||||||||||||||||||||
16 | Production Data Loss |
|
|
|
|
|
| We will not undertake production data migration as the information risk is too large for us to accept. |
We have used the following matrix to determine the severity of a stated risk:
...