![[The University of Leicester]](unilogo.gif)
Risk Management
"Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization" The CISA Review Manual
Corporate Risk Register
The Corporate Strategic Risk Register is used by the University Council to help facilitate the identification, assessment and ongoing monitoring of strategic risks significant to the University.
Information Assurance Services has responsibility for co-ordination of the maintenance of the Corporate Strategic Risk Register.
Local Risk Register
Academic Departments and Divisions within Corporate Services are also required to maintain their own local Strategic Risk Registers as the basis for managing and monitoring lower level risks that are directly relevant to them at a local level and over which they are able to exert some influence or control.
Information Assurance Services provides support and training to departments and divisions in their maintenance of their local Strategic Risk Register.
