This page outlines Vertic’s current organisational Risk management process as well as the Risk register.
Managing a Risk
If an employee wishes to raise a potential risk, they should use this form to do so. The review/implementation process from here will follow the steps below:
1. Vertic management (Jan Tenenberg, Stephen Kent, Matt Romeo) to review the risk.
2. Several actions are possible from here, including:
   - Rejecting the risk with an appropriate justification
   - Capturing the risk, including:
     - Risk Details
     - Severity
     - Mitigation/Treatment
     - Post-Treatment Assessment
3. Vertic management to provide evidence to the employee raising the risk of what the actions and outcomes were by compiling an email containing the following information:
   - Original Risk Details
   - Review Process Outcome
   - Action Decision
   - Decision Outcome

Any actions resulting from the risk management process will be managed using this JIRA workspace.
Vertic’s Risk Register
Risk Nbr | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity | Post-Treatment Assessment
---|---|---|---|---|---|---|---|---|---|---
1 | Client Data Breach | A data breach may occur in one of our client’s software environments which may result in exposure of critical information. | | | | | | | |
2 | Staff Breach | A staff member may expose critical data from a client’s software environment which could then be published. | | | | | | | |
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops) which could result in loss of critical information to perform our duties. | | | | | | | |
4 | Software Failures | | | | | | | | |
5 | Employee Fraud | | | | | | | | |
6 | Employee Injury | | | | | | | | |
7 | Natural Disaster | | | | | | | | |
8 | Software Development Standard Breach | | | | | | | | |
9 | Physical Security Breach | | | | | | | | |
10 | Contractual Relations Breach | | | | | | | | |
11 | Damage caused by Third Party | | | | | | | | |
12 | Malicious Code | | | | | | | | |
13 | Equipment Theft | | | | | | | | |
14 | Sensitive Data Threat | | | | | | | | |
15 | Security Information System Failure | | | | | | | | |
16 | Production Data Loss | | | | | | We will not undertake production data migration as the information risk is too large for us to accept. | | |

Risk Likelihood | Risk Impact Level | Risk Severity
---|---|---