The Ascentor Information Risk Action Plan

Information Risk Management (or IRM) is the process of identifying, understanding and managing the risks to information within the context of an organisation’s business needs.

IRM: the most effective way to address information security concerns

Information Risk Management is what we do here at Ascentor. To assist your company or organisation to manage information risk effectively, here is our best practice approach – the Ascentor four-step action plan for any business that is serious about protecting its valuable information.

Ascentor’s Four-step Information Risk Action Plan

Ascentor’s Information Risk Management approach

Step 1: Identify what to protect
  Establish the Scope
    1. What are the information systems you want to apply information risk management to?
  Establish the Business Function
    2. Be clear on the business aims and drivers.
  Establish the Business Context
    3. Understand the environment the business operates in, e.g. your legislative, contractual and regulatory compliance requirements.
  Identify your Assets
    4. Attach value to your information. Realise the importance of information security and get it on the Board’s agenda.
    5. Understand the value in your information and where it sits.

Step 2: Identify what you are trying to protect it from
  Risk Assessment
    6. Identify the biggest risk to your business and the areas most affected – what are the threats and where do your vulnerabilities lie?
    7. Get an understanding of how the risks are managed today.
    8. Carry out a strategic risk review of the business – a gap analysis of where you are now versus where you want to be.

Step 3: Determine the best way to protect it
  Risk Treatment
    9. Make someone accountable for information security. Make someone responsible for information risk management.
    10. Put your information risk management strategy into action across all areas of the business (not just IT). Make sure your people are aware of their responsibilities.
  Risk Management
    11. Develop processes and procedures for the continuing review and feedback of risk management.
  Apply Controls and Countermeasures
    12. Develop contingency and incident management plans. Test them regularly.
    13. Carefully manage the impact of each business or systems change.

Step 4: Monitor and Review
  Compliance
    14. Keep it going – ensure the information risks affecting the business are reviewed at each Board meeting, making it part of your Business Risk Register review.
  Training and Awareness
    15. People are key to success. Empower your staff to make the right decisions, and provide education and training.


Next Steps

Take our free, online risk review – an instant self-assessment tool to find out where your risk lies – Online Information Risk Review

If you have any questions on Information Risk Management or would like an objective assessment of your organisation’s information risks and security practices please get in touch. The Ascentor team would be delighted to help.


Email Ascentor Image Map