Skip to main content

Use your risk assessment

Update your organisation’s risk registers and schedule future reviews of your information’s risks and security controls.

Final step — risk assessment to risk management

By using your risk assessment with your organisation’s security and information technology departments, they’ll be able to help you:

  • add the risks and security controls to their risk registers
  • monitor and review those risks and security controls.

Immediate use — update your risk registers

Add the security controls for your information to your organisation’s risk registers. Make sure your security team has the finished and approved risk assessment — make special note of any high risks to the information.

This allows them to regularly monitor and review whether the risks or effectiveness of the controls have changed.

Risk assessment sign-offs are not complete certification and accreditation processes

See the New Zealand Information Security Manual (NZISM) for the complete certification and accreditation process.

System certification and accreditation — NZISM

Ongoing use — monitor and review the risks

Work with your security team to set up a regular schedule to monitor and review the risks and security controls for your information in the public cloud service.

Monitor and review risks to information systems

When a public cloud service is not accepted

If you decide not to use a public cloud service, it’s still worth filing your risk assessment with the security and information technology teams. This way, others in your organisation:

  • do not duplicate the work
  • can reference it as a starting point in the future.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated