Risk # | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity |
---|---|---|---|---|---|---|---|---|---|
1 | Client Data Breach | A data breach may occur in one of our clients’ software environments, which may result in exposure of critical information. | A.9.1.1 A.5.1.1 A.9.3.1 A.9.4.1 A.9.4.2 A.9.4.3 A.10.1.1 A.10.1.2 | | | | | | |
2 | Staff Breach | A staff member may expose critical data from a client’s software environment, which could then be published. | A.7.1.1 A.7.2.2 A.7.2.3 A.9.1.1 A.9.1.2 A.9.2.2 A.9.2.3 A.9.2.4 A.9.2.5 A.9.2.6 A.9.4.4 | | | | | | |
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops), which could result in the loss of critical information needed to perform our duties. | A.8.1.3 A.8.1.4 A.8.3.2 A.8.3.1 | | | | Information Continuity | | |
4 | Software Failures | Software we use might fail; this could include either Salesforce or other key services. | | | | | | | |
5 | Employee Fraud | An employee might defraud Vertic by stealing critical information. | A.7.1.1 A.7.1.2 A.8.1.3 A.8.2.2 A.8.3.2 A.9.1.1 A.9.2.1 A.9.2.5 A.9.2.6 A.9.4.5 A.11.2.5 A.11.2.6 | | | | | | |
6 | Employee Injury | An employee might get injured whilst performing their duties for Vertic. | | | | | | | |
7 | Natural Disaster | A natural disaster might strike, impacting our geographic area. | | | | | | | |
8 | Software Development Standard Breach | An employee or contractor might breach our development standards. | | | | | | | |
9 | Physical Security Breach | An employee or contractor might breach physical security policies, such as leaving laptops unattended. | A.6.2.2 A.8.1.3 A.8.1.4 A.8.2.3 A.8.3.1 A.8.3.2 A.8.3.3 A.11.1.4 A.11.1.5 A.11.1.6 A.11.2.1 | | | | | | |
10 | Contractual Relations Breach | A supplier might breach their contractual obligations with Vertic. | | | | | | | |
11 | Damage caused by Third Party | A third party, such as visitors, might cause physical or virtual damage to critical Vertic assets. | A.6.1.3 A.6.1.4 A.8.1.3 A.8.1.4 | | | | | | |
12 | Malicious Code | An employee or contractor might deliberately produce malicious code. | | | | | | | |
13 | Equipment Theft | An employee might defraud Vertic by stealing critical hardware infrastructure or laptops. | A.6.2.1 A.8.1.1 A.8.1.2 A.8.1.3 A.8.1.4 A.8.2.3 A.8.3.1 A.8.3.2 A.11.1.1 A.11.1.2 A.11.2.1 | | | | | | |
14 | Sensitive Data Threat | Sensitive data might be under threat outside of Vertic’s control. | A.6.2.1 A.8.2.1 A.8.2.2 A.8.3.1 A.8.3.3 A.11.1.3 A.11.1.4 A.11.1.5 A.11.2.2 A.11.2.3 | | | | | | |
15 | Security Information System Failure | Our VQMS processes might fail, resulting in critical data exposure and/or loss. | A.5.1.1 A.5.1.2 A.6.1.1 A.6.1.2 A.6.1.5 A.7.2.1 A.11.2.2 | | | | | | |
16 | Production Data Loss | Whilst performing our duties, we might experience production data loss. | A.8.2.1 A.8.2.2 A.8.3.2 A.8.3.3 A.8.3.1 A.8.3.3 | | | | | | |