Risk Management

"Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization." (The CISA Review Manual)

Risk Management Policy

This risk management policy forms part of the University’s internal control and corporate governance arrangements. The policy explains the University’s underlying approach to risk management, and outlines key aspects of the risk management process.

Corporate Risk Register

The Corporate Strategic Risk Register is used by the University Council to help facilitate the identification, assessment and ongoing monitoring of strategic risks significant to the University.

Information Assurance Services has responsibility for co-ordination of the maintenance of the Corporate Strategic Risk Register.

Local Risk Register

Academic Departments and Divisions within Corporate Services are also required to maintain their own local Strategic Risk Registers as the basis for managing and monitoring lower level risks that are directly relevant to them at a local level and over which they are able to exert some influence or control.

Information Assurance Services provides support and training to departments and divisions in their maintenance of their local Strategic Risk Register.

Local Risk Register Guidance

Blank Local Risk Register Template

Sample Local Risk Register Template

Contact Details

Information Assurance Services
University of Leicester
Prospect House 
94 Regent Road 
Leicester
LE1 7DA

E: ias@le.ac.uk
T: +44 (0)116 229 7946

Glossary

A-Z of terms used in Information Security
