There are many tools available to all stakeholders that can help assess and document a certain risk. We approach each client with an open mind, and use a whole host of the tools, at our disposal to create a truly unique solution.

At the most basic level an assessment tool should have the full support of management. Even though management may not be involved in every step along the way, they must select the business impact analysis and risk assessment teams that will assist in the assessment. They are also the ones that will make the final decision on what gets implemented and what doesn’t- that is why they are the most critical piece of the assessment.

The other steps involve but are not limited to-

•    Identifying the business/ department that is being reviewed.
•    Describing the type of information that is stored, its level of sensitivity and where that information is stored.
•    The Risk. Each company has a different risk level and to better identify the different risks each company may encounter it is important to understand these risks.
•    Control Structures: Descriptions of existing control mechanisms that are in place to mitigate any potential risks.
•    Assessment of employees and what they think of the different control structures. This part of the assesment is described in more detail in the completed document and is usually a yes or no answer.
•    Action: Recommended course of action and what entities will be involved. A time schedule is usually determined here as well.