Last edited 2 years ago
by Demo writer

Template:Risk page: Difference between revisions

hw>Mlink-rodrigue
No edit summary
 
m (1 revision imported)
 

Latest revision as of 15:44, 1 December 2021

Risk description

Risk treatment considerations

Replace the information below with your own considerations. During risk mitigation planning, the following information should be considered:

  • possible vulnerabilities (people, systems)
  • legal requirements
  • industry best practices
  • cost and resources
  • data classification: public, private, restricted, confidential (for data protection risks only)

Risk treatment plan

Replace the information below with the actual risk treatment plan that you want to implement.

The purpose of the risk treatment plan is to specify: (1) which measures are planned, (2) how they will be implemented, and (3) if they are already implemented. It is important that all affected parties understand the plan and its implementation. Progress against the plan needs to be monitored consistently.

Technical measures

Cybersecurity

Encryption and pseudonymisation

Passwords

Access rights

Physical security

Data disposal

Organisational measures

Policies and procedures

Business continuity plan

Awareness and training