Skip to main content

Business context of an information system

Understand how the system fits in your organisation so you can judge how important the information is.

Stakeholders for the business context

You’ll need to meet with the business owner of the information system you’re assessing for risk. Make sure all the relevant stakeholders are involved and that everyone is on board with setting up a successful risk assessment.

Setting up a successful risk assessment

Identify and define key aspects of the business context

When meeting, the business owner is responsible for identifying and defining the following points.

Official classifications of all information

Any information that is stored, processed or transmitted by the information system must be assigned an official classification.

Classify information

Business processes supported

List the objectives of each business process and any secondary, dependent or supporting processes and their objectives.

Users of the system

Detail the information system’s different types of users, inside and outside your organisation, and the levels of privileges each need to do their work. For example, users can include:

  • business users
  • operations support staff
  • members of the public
  • another public organisation’s staff
  • a private agency’s staff.

Security and compliance requirements

Identify the information system’s requirements for confidentiality, integrity, availability and privacy, as well as any relevant laws and regulations that need to be met by it.

Priorities for protecting information

The order of importance set by the business owner for the confidentiality, integrity, availability and privacy of the information being used with an information system.

Example template for risk assessments

The Government Chief Digital Officer (GCDO) has an example template of a risk assessment in case you need help working through the process.

Risk assessment process: report template (Word 264KB)

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated