Instructions:
Save a copy of this document for your organization (Go to File > Make a Copy)
Review potential information security risks in your organization and add them to the assessment template to track them and your mitigation activities.
Decide how you're going to assign "impact." Impact to the business can be focused exclusively on financial impact or also consider other areas such as operational, reputational, etc.
Decide how you're going to treat the risk:
Avoid = remove the risk entirely by avoiding the circumstances that create the risk
Reduce = take steps to mitigate the risk such as with controls
Absorb = take on the risk as is
Transfer = share or deflect the risk onto another party, e.g. to insurance
Evaluate how much risk you think is remaining after your risk treatment and decide if you need to take further steps.
Assign an owner to the risk. This is vital to ensure your organization is accountable and everyone is doing their part to reduce risks. After all, the last thing you need is a finding during your next audit.
Tired of working in spreadsheets?
HyperComply makes it easy to send vendor security assessments, eliminating tons of boring spreadsheets along the way. Easily assess new vendors, complete annual assessments, and identify areas of risk to your organization. Get started today—for free.