Annual follow-up

Follow up on you risk assessment once a year.

Once you have completed and filled in the risk assessment template, it must be approved and endorsed by your management, as the completed risk assessment template constitutes your written documentation for carrying out the assessment. The risk assessment must be stored locally, but it must be available upon request, or if a reassessment or revision is required.

The information security department recommends that the risk assessment be filed in Workzone.

As a minimum, the risk assessment must be reassessed once a year. Furthermore, a reassessment is required in the event of:

  • major changes in type of data/data processing
  • changes in system/setup/collaboration partners/data processing agreement
  • security incidents/security breaches