Whenever our team works on a project for one of our clients, we are most likely performing a risk assessment for a single information system. The purpose of this is for the organisation’s leadership to understand if that system falls within their risk appetite and to approve that system’s use. It’s like a warrant of fitness for your car – where the risk assessment is the development of items that need to be checked, and then when we audit the system, we’re playing the role of the mechanic checking each one of the items on that list. Then the organisation can approve the system for use (like when you get your WoF sticker and drive your car legally).

Read More