ISMS/04-registers/risk-register-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

Title: Risk Register Template
Document ID: [REG-RISK-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Risk Register Template

Purpose

This template provides the structure for recording and tracking information security risks identified within the ISMS scope.

Scope

This register applies to strategic, operational, project, supplier, exception, and incident-related information security risks.

Data Fields / Expected Columns

The risk register should record at least:

  • risk ID
  • date identified
  • risk title
  • affected asset, service, process, or supplier
  • risk description
  • threat and vulnerability summary
  • impact rating
  • likelihood rating
  • overall risk rating
  • treatment decision
  • treatment actions
  • risk owner
  • target date
  • status
  • review date
  • linked records or evidence

Ownership

This register should be owned by [Role]. Individual risk entries should have assigned risk owners responsible for treatment and review.

Update Frequency

The register should be updated when new risks are identified, risk status changes, treatment actions are completed, or review dates are reached. It should be reviewed at least as part of formal management review.
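The column set above and the update triggers in this section can be checked mechanically against a register export. The following script is an added example written for this page; it is not part of the template or the ISMS repository. It assumes the register is exported as CSV with one header per listed field (the header spellings are assumed), that dates are written as ISO YYYY-MM-DD rather than the "DD Month YYYY" placeholder, and that the overall rating is derived from impact and likelihood with a hypothetical 3x3 matrix that the template itself does not define. The three sample entries and the "as of" date are constructed for the example.

```python
"""Consistency and review-trigger check for a risk register export.

Added example, not part of the original template. Assumptions: the register
is exported as CSV whose header row uses the field names listed in the
template (spellings assumed); dates are ISO (YYYY-MM-DD) rather than the
"DD Month YYYY" placeholder; and the overall rating is derived from impact
and likelihood with the hypothetical 3x3 matrix below, which the template
itself does not define.
"""
import csv
import io
from datetime import date

# Required columns, taken from "Data Fields / Expected Columns".
REQUIRED_COLUMNS = [
    "Risk ID", "Date Identified", "Risk Title", "Affected Asset / Service",
    "Risk Description", "Threat / Vulnerability", "Impact", "Likelihood",
    "Overall Rating", "Treatment Decision", "Treatment Actions", "Risk Owner",
    "Target Date", "Status", "Review Date", "Linked Records / Evidence",
]
LEVELS = ("Low", "Medium", "High")
TREATMENTS = ("Mitigate", "Accept", "Avoid", "Transfer")
STATUSES = ("Open", "In Progress", "Accepted", "Closed")

# Hypothetical rating matrix (assumption): RATING_MATRIX[impact][likelihood].
RATING_MATRIX = {
    "Low":    {"Low": "Low",    "Medium": "Low",    "High": "Medium"},
    "Medium": {"Low": "Low",    "Medium": "Medium", "High": "High"},
    "High":   {"Low": "Medium", "Medium": "High",   "High": "High"},
}

# Constructed sample register: three entries, two of them with defects.
SAMPLE_REGISTER = """\
Risk ID,Date Identified,Risk Title,Affected Asset / Service,Risk Description,Threat / Vulnerability,Impact,Likelihood,Overall Rating,Treatment Decision,Treatment Actions,Risk Owner,Target Date,Status,Review Date,Linked Records / Evidence
R-001,2026-01-10,Unpatched VPN gateway,VPN service,Gateway behind vendor patch level,Vendor patch outstanding on internet-facing service,High,Medium,High,Mitigate,Apply vendor patch,Infrastructure Lead,2026-02-28,In Progress,2026-03-01,RA-2026-01
R-002,2026-01-12,Legacy app without MFA,HR portal,Single-factor login on internal app,Credential stuffing,Medium,Medium,Low,Accept,,Head of HR,2026-06-30,Accepted,2026-06-30,
R-003,2026-02-03,Supplier SLA gap,Backup supplier,No RTO commitment in contract,Supplier outage,Medium,Low,Low,Transfer,Renegotiate contract,Procurement Lead,2026-05-31,Open,2026-09-30,SUP-REV-07
"""
AS_OF = date(2026, 3, 26)  # constructed "today" for the review-date trigger


def expected_rating(impact, likelihood):
    """Overall rating implied by the hypothetical matrix above."""
    return RATING_MATRIX[impact][likelihood]


def check_register(csv_text, today):
    """Return findings keyed by Risk ID ('<header>' for missing columns)."""
    findings = {}
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        findings["<header>"] = [f"missing column: {c}" for c in missing]
        return findings
    for row in reader:
        problems = []
        impact, likelihood = row["Impact"], row["Likelihood"]
        if impact not in LEVELS or likelihood not in LEVELS:
            problems.append(f"Impact/Likelihood must be one of {LEVELS}")
        elif row["Overall Rating"] != expected_rating(impact, likelihood):
            problems.append(
                f"Overall Rating {row['Overall Rating']!r} inconsistent with "
                f"matrix (expected {expected_rating(impact, likelihood)})")
        if row["Treatment Decision"] not in TREATMENTS:
            problems.append("invalid Treatment Decision")
        if row["Status"] not in STATUSES:
            problems.append("invalid Status")
        if not row["Risk Owner"].strip():
            problems.append("no Risk Owner assigned")
        # "Update Frequency" trigger: the review date has been reached.
        if row["Status"] != "Closed" and date.fromisoformat(row["Review Date"]) <= today:
            problems.append(f"review due (review date {row['Review Date']})")
        # An accepted risk should link to the exception record that approved it.
        if row["Treatment Decision"] == "Accept" and not row["Linked Records / Evidence"].strip():
            problems.append("accepted risk has no linked exception or evidence")
        if problems:
            findings[row["Risk ID"]] = problems
    return findings


def run_sample():
    """Check the constructed sample register as of AS_OF."""
    return check_register(SAMPLE_REGISTER, AS_OF)


if __name__ == "__main__":
    for rid, problems in run_sample().items():
        for problem in problems:
            print(f"{rid}: {problem}")
```

On the sample, R-001 is flagged only because its review date has passed, R-002 is flagged twice (its overall rating does not match the matrix, and it is an accepted risk with no linked exception record), and R-003 is clean. Replace the matrix with whatever the Risk Assessment and Treatment Methodology actually defines before using this against a real export.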

Retention

Current and superseded versions should be retained in line with document and records retention requirements.

Template Table

| Risk ID | Date Identified | Risk Title | Affected Asset / Service | Risk Description | Threat / Vulnerability | Impact | Likelihood | Overall Rating | Treatment Decision | Treatment Actions | Risk Owner | Target Date | Status | Review Date | Linked Records / Evidence |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [R-001] | [DD Month YYYY] | [Short title] | [System / service / supplier] | [Description] | [Threat / vulnerability summary] | [Low/Medium/High] | [Low/Medium/High] | [Low/Medium/High] | [Mitigate / Accept / Avoid / Transfer] | [Actions] | [Role] | [DD Month YYYY] | [Open / In Progress / Accepted / Closed] | [DD Month YYYY] | [Risk assessment / exception / incident] |
Related Documents

  • Risk Assessment and Treatment Methodology
  • Risk Assessment Procedure
  • Exception Management Procedure
  • Corrective Action Procedure