Create or improve your organisation’s process for assessing risks
Use your organisation’s approved process, but there might be situations when your organisation is developing or improving the process and need an example template.
Use your organisation’s approved process
Government organisations should have a process for assessing risks approved by their senior management.
This is important for public cloud services because the risk assessment tool is not the risk assessment itself. The tool helps you get the information you need to do a risk assessment.
Public cloud services are no different from other information technology systems — you must assess the risk first.
Develop or improve your process
The Government Chief Digital Officer (GCDO) has detailed guidance for:
- senior management of organisations looking to improve their risk assessment process
- organisations needing direction and a template for carrying out risk assessments.
Example template for risk assessments
The GCDO has an example template of a risk assessment in case you need some help working through the process.