The risk management process ensures that a new identified risk is classified and that the required roles are involved.
The first step of the process is a question.
The question is used to find out whether the risk is a risk that has already been analyzed and documented or whether it is a new risk that has not yet been identified.
This step and subsequent steps are executed by the Risk-Manager
Insofar as the risk is already known, the second step (left path) asks for detailed information and a reference to the scenario, which must be entered as text.
If the risk has not yet been analyzed, the next step (right path) is to ask whether it is a risk that can cause collateral damage, that can damage the public reputation or that can cause financial damage.
If the risk can cause collateral damage or damage to the public reputation, detailed information about possible causes, consequences and countermeasures are required and users that are member of the group 'Executive-Management'
If the risk can cause financial damage, the Risk-Manager needs to enter information into a pre-defined table.
The mandatory columns of this table are a description of the risk (text), potential damage (low, medium, high) and probability of occurrence (unlikely, can happen, likely).
Subsequently, a mitigation plan needs to be uploaded (PDF) that defines how, by whom and in what period of time the risk is mitigated and minimized to an acceptable level.
You can sign-up
for free or contact us
if you have any questions.
With the Cybermain Governance platform, you can easily create arbitrary processes by defining and connecting process-steps.
There are question-steps, steps in which a file upload is requested, steps in which a table has to be filled out, free-text is required or someone is informed with a message and needs to confirm that message.
The processes can be executed by users, roles or groups in an organization.
As soon as a new step has to be carried out, the corresponding users are automatically informed.
The collected information is securely stored and can be exported by the process owner.
Create arbitrary processes for your organization or adapt and use default processes.