Triggers
- New/changed business requirements/services/process
- New or changed targetsD
- Breech of Major Incident recovery target
- Periodic activitiesD
- PIR
- Continuity and Recovery plans test results
- Invocation of ITSCM following major incident
| Controls
- Policies defining risk limits and risk tolerances
- Job descriptions outlining Risk Mgmt R&Rs
|
|
Inputs
- BIA
- risk information, fed by incident reporting and problem reviews
| Processes
- Profiling
- Contextualizing
- Communicating
- Identifying
- Analyzing
- Evaluating
- Implementing
- Monitoring
| Outputs
- Risk Communications
- Risk Register
- Risk Mitigation Strategy
- Risk Treatment Plan
|
| Mechanisms
- Risk Analysis MethodologyD
- Method for identifying risks
- Risk Register
- Risk Treatment Template
- Incident Reporting System
- Composite Risk IndexD
- Brainstorming sessions
- Root Cause Analyses
| KPIs
- risk management meetings and workshops
- risk management improvement projects
- improvements to the risk assessment process
- Level of funding for risk management projects
- updates to published risk limits and policies
- risk monitoring reports
- personnel trained in risk management methodology
|