Title Page

  • Conducted on

  • System Owner

  • Prepared by

General

  • Describe the purpose of this IT security risk assessment

  • Describe the scope of the risk assessment

  • List all participants including role (e.g. system owner, system custodian, network manager etc.)

  • Describe key technology components including commercial software

  • Describe how users access the system and their intended use of the system

Risk Assessment

  • Click Add Vulnerability (+) after you have identified a vulnerability or threat source

  • Vulnerability

Threat Source & Vulnerability

  • Observation

  • Threat source/ vulnerability

  • Enter threat/ vulnerability

  • Evidence (flow diagrams, screenshots etc.) (optional)

  • Existing controls

Risk rating

  • Consequence

  • Likelihood

  • Risk rating

Recommended Controls

  • Recommended controls or alternative options for reducing risk

Completion

  • Recommendations

  • Signature

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. Any ratings or scores displayed in our Public Library have not been verified by SafetyCulture for accuracy. Users of our platform may provide a rating or score that is incorrect or misleading. You should independently determine whether the template is suitable for your circumstances. You can use our Public Library to search based on criteria such as industry and subject matter. Search results are based on their relevance to your search and other criteria. We may feature checklists based on subject matters we think may be of interest to our customers.