Vertic's Organisational Risk Register
This page outlines Vertic’s current organisational risk management process as well as the risk register.
Managing a Risk
An employee who wishes to raise a potential risk should use this form to do so. From there, the review/implementation process follows the steps below:
1. Vertic management (Jan Tenenberg, Stephen Kent, Matt Romeo) to review the risk
2. Several actions are possible from here, including:
   - Rejecting the risk with an appropriate justification
   - Capturing the risk, including:
     - Risk Details
     - Severity
     - Mitigation/Treatment
     - Post-Treatment Assessment
3. Vertic management to provide evidence to the employee raising the risk of what the actions and outcomes were by compiling an email containing the following information:
   - Original Risk Details
   - Review Process Outcome
   - Action Decision
   - Decision Outcome
Any actions resulting from the risk management process will be managed using this JIRA workspace.
Vertic’s Risk Register
Risk # | Risk Name | Description/Risk Outcome | Annex A Controls | Likelihood | Impact Level | Severity | Mitigation/Treatment | Post-Treatment Likelihood | Post-Treatment Severity |
---|---|---|---|---|---|---|---|---|---|
1 | Client Data Breach | A data breach may occur in one of our client’s software environments which may result in exposure of critical information. | | low | high | high | low | low | |
2 | Staff Breach | A staff member may expose critical data from a client’s software environment which could then be published. | | low | high | medium | medium | medium | |
3 | Hardware Loss | We may experience the failure of our hardware (primarily work laptops) which could result in loss of critical information to perform our duties. | | medium | medium | low | low | low | |
4 | Software Failures | Software we use might fail; this could include either Salesforce or other key services. | | medium | high | high | low | low | |
5 | Employee Fraud | An employee might defraud Vertic by stealing critical information. | | low | high | medium | medium | high | |
6 | Employee Injury | An employee might get injured whilst performing their duties for Vertic. | | low | medium | low | low | low | |
7 | Natural Disaster | A natural disaster might strike impacting our geographic area. | | low | medium | low | low | low | |
8 | Software Development Standard Breach | An employee or contractor might breach our development standards. | | medium | medium | medium | medium | low | |
9 | Physical Security Breach | An employee or contractor might breach physical security policies, such as leaving laptops unattended. | | low | medium | low | low | low | |
10 | Contractual Relations Breach | A supplier might breach their contractual obligations with Vertic. | | low | medium | medium | low | medium | |
11 | Damage caused by Third Party | A third party, such as visitors, might cause physical or virtual damage to critical Vertic assets. | | low | medium | low | low | medium | |
12 | Malicious Code | An employee or contractor might deliberately produce malicious code. | | low | high | high | low | medium | |
13 | Equipment Theft | An employee might defraud Vertic by stealing critical hardware infrastructure or laptops. | | low | medium | low | low | low | |
14 | Sensitive Data Threat | Sensitive data might be under threat outside of Vertic’s control. | | medium | high | high | low | high | |
15 | Security Information System Failure | Our VQMS processes might fail resulting in critical data exposure and/or loss. | | low | medium | medium | low | low | |
16 | Production Data Loss | Whilst performing our duties, we might experience production data loss. | | high | high | high | medium | high |
We have used the following matrix to determine the severity of a stated risk:
Risk Likelihood | Risk Impact Level | Risk Severity |
---|---|---|
high | high | high |
high | medium | medium |
medium | high | high |
medium | medium | medium |
low | high | medium |
low | medium | low |