Elements and Performance Criteria
- Prepare to perform risk assessment
- Analyse organisations risk culture and document findings according to organisational requirements
- Research and document legislative and organisational cyber security risk requirements
- Obtain and analyse organisation’s risk register and determine its currency against organisational legislative requirements
- Develop and document risk assessment plan according to organisational requirements
- Communicate risk assessment plan with required personnel and seek and respond to feedback
- Perform risk assessment
- Finalise risk assessment
- Analyse and document findings against risk register and determine operations outside of organisation’s risk appetite
- Develop and document operational measures to align operations against risk register requirements
- Communicate risk assessment findings to required personnel and highlight areas of non-compliance and solutions
- Lodge documentation according to organisational requirements