Elements and Performance Criteria
- Organise functions and tasks.
- Applicable provisions of legislative and organisational requirements, and relevant standards for risk assessment activities are identified and complied with.
- Roles and responsibilities associated with the implementation of the security risk management plan are clearly defined and articulated to relevant persons.
- Activities and targets are linked to achievement of milestones and outcomes in project action plans.
- Resources, equipment and materials to assist plan implementation are suitable to project purposes and available within specified timelines.
- Information related to the implementation of the plan is accurately and promptly distributed using established communication channels.
- Confidentiality requirements are confirmed and maintained in accordance with client and organisational requirements.
- Monitor risk context.
- Emerging risks or threats to assets are monitored and assessed to maintain ongoing suitability of implemented security risk treatment options.
- Changes to operating environment are monitored and corrective measures determined and incorporated into the plan as required.
- Targets and outcomes are regularly reviewed and evaluated to ensure achievement of project aims based on relevant standards.
- Existence and occurrence of risks are accurately and comprehensively documented providing an assessment of the type, nature and cause.
- Application of contingencies and corrective measures are accurately documented.
- Review effectiveness of treatment options.
- Long and short-term options are costed to ensure an accurate estimate of resources is allocated to support the plans.
- Discrepancies between treatment options and risk incidence are monitored and addressed through appropriate modifications to plans.
- Stages of implementation are identified and resources and options are coordinated to ensure access and availability.
- Corrective measures are developed, tested and incorporated into the risk management plan.
- Feedback on effectiveness of treatment options is sought and provided to relevant personnel.