Risk Assessment
This document describes the processes that support the following company policies:
- Risk Assessment Policy: Annotated Notes Drata Policy
Ongoing Risk Assessment and Treatment
Risk Assessment Team: Marko Babić, Uri Bushey, Seth Shapiro, Nick Jordan
Procedure for Assessing Risk Report Submissions
The Risk Assessment Team reviews and processes all Risk Report Submissions as follows:
- Risk Report Submissions automatically generate a Shortcut ticket in the Security Workspace to track the assessment.
  - title: New Risk Report Submission
  - shortcut label: risk-assesment
- Once submitted, the Shortcut Ticket will be assigned an owner. (WIP)
- The owner of the ticket will evaluate the submission and complete the required fields (Columns M-W) in the tracker Risk Report Submission (Responses), consulting with the Risk Assessment Team as necessary.
- Any remaining next steps for Treatment and/or Post-Treat Re-Evaluation will be documented and tracked by creating new ticket(s) within Shortcut.
- The person who submitted the Risk Report Submission will be contacted to confirm that the risk has been assessed, and will be notified of any applicable next steps.
- Upon completion of the initial assessment and logging of next steps, the owner of the New Risk Report Submission ticket will mark the ticket as complete.
Annual Review of Risk Assessment and Treatment
Yearly review TODO: add to security event calendar
Submitting Potential Risks for Assessment
If you identify a potential risk of any kind, please submit a Risk Report Submission using the form below.