DRAFT
Information risk assessment checklist
This checklist aims to ensure that when a new project is initiated which involves sharing or distributing information online, we have properly assessed and mitigated risk where possible, and that there is senior acknowledgement and support for the level of risk we are accepting.
• Please fill in what you can – it’s OK to leave blanks, but please use these as a prompt to discuss the issue with relevant colleagues in DIUS
• If you have taken some steps to mitigate risks, describe them here
• Think carefully about the potential impact of information being revealed, lost or defaced: could it cause real harm to DIUS’ reputation or operation, or simply short term embarrassment?
• Importantly, please ensure this assessment is discussed with the senior sponsor for the project, so they are aware of the proposed approach and risk mitigation in place.
Background to the project
1. Your name and contact details (phone/email):
2. In a sentence or two, what are you trying to achieve?
3. Who are the intended audiences?
e.g. internal DIUS staff, limited to trusted external stakeholders, open to wider public etc
4. How long will it run for?
e.g. between specific dates, indefinitely etc
5. How will using this method of sharing information benefit the project?
About the information
6. Please briefly describe the kind of information that you will be sharing:
7. How will access to the information be controlled – who will have access to administer the tool or website, manage users etc?
Information risk
8. What would the impact be if the information were revealed publicly?
If the information is confidential or commercially sensitive, please give details
9. What would the impact be if the information were changed without authorisation or defaced maliciously?
10. What would the impact be if the information were not available for an extended period?