Step 8: Provide a Risk Response
At this stage, the risk assessment demand requester must provide risk responses for each identified risk to ensure proper handling and alignment with the organisation's risk management strategy.
Steps to Provide a Risk Response
1. Navigate to the Risk Assessment Demand
Access the relevant risk demand in the system.
2. Open the "Risk Assessment" Tab
Go to the section dedicated to assessing identified risks.
3. Select the "Risk Response" Tab
Locate the tab specifically designed for defining risk responses.
4. Complete the Required Fields
In the Risk Response section, fill in the following details:
Risk Owner
Assign ownership to ensure accountability for managing the risk.
Risk Response
Select one of the available options:
- Mitigate: Implement controls to reduce the impact or likelihood of the risk.
- Avoid: Eliminate the risk by changing processes, technology, or scope.
- Accept: Acknowledge the risk and accept its consequences.
- Transfer: Shift the risk to a third party (e.g., insurance, outsourcing).
Risk Response Justification
Clearly explain the rationale behind the chosen response.
(Optional) Periodicity Review
Define a schedule for periodic risk reviews.
By following these steps, you ensure a structured and accountable approach to risk response management in CSFaaS.
Finalise the Risk Response
Once all required fields are completed, click the "Save" button.
| Risk Response | Risk Status | Explanation |
|---|---|---|
| Mitigate | Open / Closed | The risk remains open until mitigation measures are fully implemented and validated. Someday it may be marked as "Closed" |
| Avoid | Avoided | The organisation takes steps to prevent exposure to the risk (e.g., discontinuing the risky activity). The risk is no longer relevant but is not necessarily eliminated. |
| Accept | Accepted / Closed | The risk is acknowledged but remains open, as no further action will be taken. Someday it may be marked as "Closed" |
| Transfer | Transferred / Closed | The risk remains open, but responsibility is transferred to a third party (e.g., insurance, outsourcing). Someday it may be marked as "Closed" |
Repeat the process for each identified risk in the assessment.
Submit Risk Response for Analysis
Once all risks have been addressed and responses saved, click "Send Risk Response to Analysts" to finalise this step and move the process forward.
Send Risk Response to Analyst
Once the risk response has been defined by either the risk analyst or the requester, the demand is submitted to the risk analyst by clicking the "Send Risk Response to Analyst" button.
-
Status becomes:
