We have here in the Agency (no we are not the CIA) an IM Risk Assessment where the functional areas complete an IM Risk Assessment Worksheet to determine risks like reliability, trustworthiness, authenticity, vulnerability, security, retention requirements, etc. These risks will be identified and the functional areas have to develop mitigation methodologies or they sign off that they are aware of the risks in their programs, services or software/hardware acquisitions, but will proceed anyway.
This risk assessment also allows us to integrate our information management legal, legislative, operational, policy and standard requirements into current and new or modified program activities, services or systems. This approach is also about setting the best course of action by identifying, assessing, understanding, acting on and communicating risk issues that surround future events and outcomes. It is about making decisions that contribute to the success of a program's overall corporate objectives and initiatives. All information assets, both tangible and intangible business transactions or mission critical activities, including related threats, vulnerabilities and opportunities for improved services will be assessed.
John
John A. Gervais
Program Manager
Policy and Guidelines Section
Information Policy and Governance Division
Statistics and Information Management Directorate
Corporate Strategies and Business Development Branch
Canada Revenue Agency
320 Queen St., Place de Ville, Tower A, 6th Fl.,
Ottawa, ON, Canada, K1A 0L5
Tel: 1-613-946-0245
Facsimile: 1-613-941-9649
E-mail: mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|