Title Page

  • Conducted on

  • System Owner

  • Prepared by


  • Describe the purpose of this IT security risk assessment

  • Describe the scope of the risk assessment

  • List all participants including role (e.g. system owner, system custodian, network manager etc.)

  • Describe key technology components including commercial software

  • Describe how users access the system and their intended use of the system

Risk Assessment

  • Click Add Vulnerability (+) after you have identified a vulnerability or threat source

  • Vulnerability

Threat Source & Vulnerability

  • Observation

  • Threat source/ vulnerability

  • Enter threat/ vulnerability

  • Evidence (flow diagrams, screenshots etc.) (optional)

  • Existing controls

Risk rating

  • Consequence

  • Likelihood

  • Risk rating

Recommended Controls

  • Recommended controls or alternative options for reducing risk


  • Recommendations

  • Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.