Vertic's Organisational Risk Register

This page outlines Vertic’s current organisational risk register and the mitigation strategy that applies to each listed risk.

| Risk Nbr | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity | Post-Treatment Assessment |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Client Data Breach | A data breach may occur in one of our client’s software environments, which may result in exposure of critical information. | A.9.1.1 | HIGH | | | | | | |
| 2 | Staff Breach | A staff member may expose critical data from a client’s software environment, which could then be published. | | HIGH | | | | | | |
| 3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops), which could result in loss of critical information needed to perform our duties. | | MEDIUM | | | | | | |
| 4 | Software Failures | | | | | | | | | |
| 5 | Employee Fraud | | | | | | | | | |
| 6 | Employee Injury | | | | | | | | | |
| 7 | Natural Disaster | | | | | | | | | |
| 8 | Software Development Standard Breach | | | | | | | | | |
| 9 | Physical Security Breach | | | | | | | | | |
| 10 | Contractual Relations Breach | | | | | | | | | |
| 11 | Damage caused by Third Party | | | | | | | | | |
| 12 | Malicious Code | | | | | | | | | |
| 13 | Equipment Theft | | | | | | | | | |
| 14 | Sensitive Data Threat | | | | | | | | | |
| 15 | Security Information System Failure | | A.5.1.1 | | | | | | | |
| 16 | Production Data Loss | | A.8.2.1, A.8.2.2, A.8.3.2, A.8.3.3 | HIGH | HIGH | HIGH | | HIGH | HIGH | We will not undertake production data migration as the information risk is too large for us to accept. |

We have used the following matrix to determine the severity of a stated risk from its likelihood and impact level:

| Risk Likelihood | Risk Impact Level | Risk Severity |
|---|---|---|
| HIGH | HIGH | HIGH |
| HIGH | MEDIUM | MEDIUM |
| MEDIUM | HIGH | HIGH |
| MEDIUM | MEDIUM | MEDIUM |
| LOW | HIGH | MEDIUM |
| LOW | MEDIUM | LOW |

Raising a Risk

If an employee wishes to raise a potential risk, they should use this form to do so. The review and implementation process then follows the steps below:

  1. Vertic management (Jan Tenenberg, Stephen Kent, Matt Romeo) to review the risk

  2. Several actions are possible from here, including:

    1. Rejecting the risk with an appropriate justification

    2. Capturing the risk including:

      1. Risk Details

      2. Severity

      3. Mitigation/Treatment

      4. Post-Treatment Assessment

  3. Vertic management to provide the employee who raised the risk with evidence of the actions taken and their outcomes, by compiling an email containing the following information:

    1. Original Risk Details

    2. Review Process Outcome

    3. Action Decision

    4. Decision Outcome