The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Confirm risk decisions
|
|
Management decisions determining acceptable and unacceptable risks are confirmed in accordance with organisational policy and procedures. Completed |
Evidence:
|
Low-level risks that the organisation decides to accept are noted and monitored to detect changed circumstances . Completed |
Evidence:
|
Unacceptable high-level risks are referred for the development of formal management plans. Completed |
Evidence:
|
Major or significant risks identified as unacceptable are noted for treatment. Completed |
Evidence:
|
Identify risk treatments
|
|
Treatments are determined that are consistent with organisational policies, procedures and guidelines and the organisation's security plan. Completed |
Evidence:
|
Treatments are determined that are cost-effective and match the level and type of risk and the importance of the function or resource. Completed |
Evidence:
|
Treatments are selected to reduce the likelihood of occurrence or the consequences of the risk, or both. Completed |
Evidence:
|
Continuity plans are included in treatments, where appropriate, in accordance with the security plan. Completed |
Evidence:
|
Treatments are documented and submitted for approval in accordance with organisational policy and procedures. Completed |
Evidence:
|
Implement countermeasures
|
|
A treatment plan is developed and implemented in accordance with organisational policy and procedures. Completed |
Evidence:
|
Implementation of countermeasures is undertaken in accordance with the implementation strategy detailed in the security plan. Completed |
Evidence:
|
Countermeasures are implemented in accordance with timeframe and budgetary requirements. Completed |
Evidence:
|
Countermeasures are implemented in accordance with legal requirements, government and organisational policy. Completed |
Evidence:
|
Monitor and review security risk management process
|
|
Strategies to monitor risk environment are implemented. Completed |
Evidence:
|
Monitoring is conducted on a regular basis in accordance with organisational policy and procedures. Completed |
Evidence:
|
Risk treatments are evaluated against the objectives of the security plan to ensure these remain effective and/or necessary. Completed |
Evidence:
|
Feedback is obtained from stakeholders on the adequacy and need for current security measures affecting their work/area. Completed |
Evidence:
|
Recommendations for re-examination of security risk or improved risk treatments are conveyed to the appropriate personnel in accordance with organisational policy and procedures. Completed |
Evidence:
|