This page outlines Vertic’s current organisational Risk register and the appropriate and relevant mitigation strategy.
Risk Nbr | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity | Post-Treatment Assessment |
|---|---|---|---|---|---|---|---|---|---|---|
1 | Client Data Breach | A data breach may occur in one of our client’s software environments which may result in exposure of critical information. |
| HIGH | ||||||
2 | Staff Breach | A staff member may expose critical data from a client’s software environment which could then be published. | HIGH | |||||||
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops) which could result in loss of critical information to perform our duties. | MEDIUM | |||||||
4 | Software Failures | |||||||||
5 | Employee Fraud | |||||||||
6 | Employee Injury | |||||||||
7 | Natural Disaster | |||||||||
8 | Software Development Standard Breach | |||||||||
9 | Physical Security Breach | |||||||||
10 | Contractural Relations Breach | |||||||||
11 | Damage caused by Third Party | |||||||||
12 | Malicious Code | |||||||||
13 | Equipment Theft | |||||||||
14 | Sensitive Data Threat | |||||||||
15 | Security Information System Failure |
| ||||||||
16 | Production Data Loss |
| HIGH | HIGH | HIGH | HIGH | HIGH | We will not undertake production data migration as the information risk is too large for us to accept. |
We have used the following matrix to determine the severity of a stated risk:
Risk Likelihood | Risk Impact Level | Risk Severity |
|---|---|---|