mirror of
https://github.com/Karaka-Management/Organization-Guide.git
synced 2026-01-11 12:58:42 +00:00
2.9 KiB
2.9 KiB
IT Risk Control Matrix
| No. | R | Category | Risk Event | L | C | F | Cause | Mitigation Type | Mitigation Strategy | L* | C* | Changes | Comments | ES | EY | Evidences |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CTO | Operational Risk (IT) | Data loss | Daily | Preventing (System) | Automatic daily local backups | ||||||||||
| 2 | CTO | Operational Risk (IT) | Data loss | Daily | Preventing (System) | Automatic daily backups to external/remote service providers | ||||||||||
| 3 | CTO | Operational Risk (IT) | Data loss | Daily | Preventing (Manual) | Quarterly manual backups for long-term storage | ||||||||||
| 4 | CTO | Operational Risk (IT) | Corrupted backup data | Daily | Revealing (System) | Automatic data integrity validation of daily backups | ||||||||||
| 5 | HOD, head of IT, CTO | Operational Risk (IT) | Users have receive access to files or functions outside of their competencies | Daily | Preventing (Manual) | User permissions are defined in a general Permission List. Deviations must be approved | ||||||||||
| 6 | head of IT, CTO | Operational Risk (IT) | Software causes problems | Weekly | Preventing (Manual) | New software and software updates must be tested in a sandbox environment | ||||||||||
| 7 | HOD, head of IT, CTO | Operational Risk (IT) | Unauthorized software. | Weekly | Preventing (Manual) | New software must be approved |
Abbreviations
-
R: Responsible
-
L: Likelihood (1-5)
-
C: Consequence (1-5)
-
L*/C*: Likelihood and Consequence after mitigation
-
F: Frequency (many times a day, daily, weekly, monthly, annually)
-
ES: Effective
-
EY: Efficient
2022-01-01 - Version 1.0