...
This plan must be signed off by top management and by the relevant risk owner(s) to show agreement to the actions identified and to the levels of residual risk remaining after the treatment actions have been completed. The following people were involved in defining the actions described in this plan:
NAME | ROLE IN ASSESSMENT |
Jan Tenenberg | Lead risk assessor |
Stephen Kent | Assistant risk assessor |
...
As part of the assessment of potential treatments, the following additional people were consulted:
NAME | TITLE | LOCATION |
Matt Romeo | Chief Operating Officer | Melbourne Office |
Alex Hughes | Principal Consultant | Melbourne Office |
...
Completion of these actions will be monitored as part of the regular management review process.
REF | RISK DESCRIPTION | RISK OWNER | RISK LEVEL | TREATMENT OPTION | ACTION | ACTION OWNER | TIMESCALE | RESIDUAL RISK LEVEL |
1 | Password Breach | CEO | Modify | Two-Factor Authentication; Secure Password Management | Monitor Environment Setup | COO | Ongoing | Low |
2 | Transactional Data Breach | CEO | Modify | Use Salesforce Platform Features; Do not store Transactional Data on Vertic Infrastructure; Use Australian Salesforce Data Centres | Monitor Salesforce Trust Website; Internal Audit/Planning to ensure this | COO | Ongoing | Low |
3 | Employee Breach | COO | Share | Employment Contracts; Control Salesforce Access | Require Employment Contracts for each Employee; Use Salesforce Security Model to control user access | COO | Ongoing | |
4 | Incorrect Development Standards | COO | Modify | Perform Regular Salesforce Health Checks | Monitor Salesforce Health Checks; Review Salesforce Optimiser | COO | Ongoing | |
5 | Data Centre Failures | CEO | Share | Monitor Salesforce Trust Website; Use Salesforce’s Redundancy Controls | Inform Customers when this happens; data loss is extremely unlikely due to Salesforce’s platform redundancy controls | CFO | Ongoing | |
...