Information risk assessment checklist
This checklist aims to ensure that when a new project is initiated which involves sharing or distributing information online, we have properly assessed and mitigated risk where possible, and that there is senior acknowledgement and support for the level of risk we are accepting.
Please fill in what you can – it’s OK to leave blanks, but please use these as a prompt to discuss the issue with relevant colleagues in DIUS.
If you have taken some steps to mitigate risks, describe them here
Think carefully about the potential impact of information being revealed, lost or defaced: could it cause real harm to DIUS’ reputation or operation, or simply short term embarrassment?
Importantly, please ensure this assessment is discussed with the senior sponsor for the project, so they are aware of the proposed approach and risk mitigation in place.
Background to the project
Your name and contact details (phone/email):
In a sentence or two, what are you trying to achieve?
Who are the intended audiences?
e.g. internal DIUS staff, limited to trusted external stakeholders, open to wider public etc
How long will it run for?
e.g. between specific dates, indefinitely etc
How will using this method of sharing information benefit the project?
About the information
Please briefly describe the kind of information that you will be sharing:
How will access to the information be controlled – who will have access to administer the tool or website, manage users etc?
What would the impact be if the information were revealed publicly?
If the information is confidential or commercially sensitive, please give details
What would the impact be if the information were changed without authorisation or defaced maliciously?
What would the impact be if the information were not available for an extended period?