psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eade2d99bef262cef5be6d01dc0bbbc9119b82e
ISMS/04-registers/risk-register-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

66 lines
2.2 KiB
Markdown
Raw Blame History

Title: Risk Register Template
Document ID: [REG-RISK-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Risk Register Template
## Purpose
This template provides the structure for recording and tracking information security risks identified within the ISMS scope.
## Scope
This register applies to strategic, operational, project, supplier, exception, and incident-related information security risks.
## Data Fields / Expected Columns
The risk register should record at least:
- risk ID
- date identified
- risk title
- affected asset, service, process, or supplier
- risk description
- threat and vulnerability summary
- impact rating
- likelihood rating
- overall risk rating
- treatment decision
- treatment actions
- risk owner
- target date
- status
- review date
- linked records or evidence
## Ownership
This register should be owned by [Role]. Individual risk entries should have assigned risk owners responsible for treatment and review.
## Update Frequency
The register should be updated when new risks are identified, risk status changes, treatment actions are completed, or review dates are reached. It should be reviewed at least as part of formal management review.
## Retention
Current and superseded versions should be retained in line with document and records retention requirements.
## Template Table
| Risk ID | Date Identified | Risk Title | Affected Asset / Service | Risk Description | Impact | Likelihood | Overall Rating | Treatment Decision | Risk Owner | Target Date | Status | Review Date | Linked Records / Evidence |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [R-001] | [DD Month YYYY] | [Short title] | [System / service / supplier] | [Description] | [Low/Medium/High] | [Low/Medium/High] | [Low/Medium/High] | [Mitigate / Accept / Avoid / Transfer] | [Role] | [DD Month YYYY] | [Open / In Progress / Accepted / Closed] | [DD Month YYYY] | [Risk assessment / exception / incident] |
## Related Documents
- Risk Assessment and Treatment Methodology
- Risk Assessment Procedure
- Exception Management Procedure
- Corrective Action Procedure
Reference in New Issue View Git Blame Copy Permalink