Risk Management Policy
(and Framework)
Document Classification - Restricted - Internal Use Only
Scimitar Group
Version History
Date Version Issued By Changes
16/04/2024 1.0 S.Matsemela Published
Salih Matsemela Added Legal Statement
Security Consultant Corrected Typos
Security Office Reviewed
Data Protection Office Reviewed and Reversioned
Compliance team
Effective and Expiry
Document Effective Date: 16/04/2024
Document Expiry Date: 16/04/2027
Document Publication
Filename: Risk Management Policy (and Framework)
Location of Current Version: Sharepoint - Risk Management Folder
Minimum Retention: 3 years
References
Number Document Location
1 Information Security Policy Sharepoint - Security Folder
Contents
1.0 Purpose and Scope
1.1 Purpose
1.2 Scope
2.0 Policy Management
2.1 Organisation of Information Security
2.2 Policy Enforcement, Audit and Review
3.0 Introduction
3.1 Why is Risk Management important?
3.2 Risk Subjects
4.0 Risk Assessment Process and Methodology
5.1 Risk Assessment Checklist
5.2 Who conducts Risk Assessments
5.3 Risk Assessment Criteria
5.4 Frequency of Risk Assessments
5.5 Language & Clarity
5.6 Risk Identification
5.7 Risk Analysis
5.8 Information and Technology Risk Scenarios
6.0 Documentation
7.0 Risk Response Selection and Prioritisation
8.0 Risk Calculation Methodology
8.1 Probability
8.2 Impact
8.3 Risk Calculation(s) and Appetite