Asset List

Example asset list which can be populated with a list of critical assets including type (hardware/software), owner (shore), custodian
within the SMS.

Asset Serial Asset Type/Description Version Owner

Dell Inspiron 17
1 Laptop Hardware Windows 10 J Doe
2
3
4
5
6
7
8
9
10
 Asset List

hardware/software), owner (shore), custodian (on vessel) and criticality based on existing impact assessments

Custodian Location Date of Last Check Criticality

A Smith Bridge 11/1/2019 Low

 Formally identified and owned risks are initially assessed as inherent, this is because the control landscape may change over time so there should b
generate the residual risk. If this residual risk is higher than defined risk appetite, then the risk is put forward to risk treatment.

Inherent

Risk ID Risk description Impact / risk category

C I A
DIGRSK001 Unauthorised access by breached or stolen credentials – The x x x
risk of unauthorised individuals obtained access to the environment

DIGRSK002

DIGRSK003

DIGRSK004

DIGRSK005

DIGRSK006

DIGRSK007

DGIRSK008

DIGRSK009

DIGRSK010
 Assess Risks

ndscape may change over time so there should be a base level of the risk to re-assess against. The inherent impact and likelihood is assessed against the CIA triad to generate the inherent score. Cu
ut forward to risk treatment.

erent Residual
Likelihood Inherent risk
sk category Impact score Risk Owner Controls Impact / Risk category
score score
S C I A S
4 4 Very High Captain Two factor x x x
authentication
to generate the inherent score. Current controls are then put against the risk to

Likelihood Residual risk

Impact score Risk decision
score score

4 2 Medium Treat