Templates of documentation in the framework of the Academy of Risk Analysis

Participants receive a complete toolkit in the form of methodology, ready threat catalogs and automated spreadsheets that guide step by step through the entire risk analysis process.

The package also includes ready-made management reporting templates and modules integrating the requirements of the General Data Protection Regulation (GDPR), ISO 27001 and NIS2, enabling the deployment of a bulletproof safety management system.

Risk analysis academy  documentation templates

Templates of documentation in the frameworks of the Academy

Methodology and process fundamentals

These documents provide instructions for the operation of the whole system, ensuring compliance with the legal requirements.

  • Complete methodology for carrying out and documenting risk analysis: A guide based on an analysis of the UODO's decisions, which explains step by step how to carry out the process – from asset identification to risk acceptance.
  • The procedure for carrying out a risk analysis: A formal document (required by the UODO) that defines roles, responsibilities and the course of the risk management process in an organisation.
Inventory

Tools for creating a data map in a company.

  • For example, list of processing processes: A model catalogue of business processes (e.g. HR, marketing) that makes it easier to start mapping.
  • Full lists of resources (based on ISO 27005): A ready-made asset inventory (hardware, software, people, locations), prepared in accordance with ISO standards, enabling precise identification of what is subject to analysis.
  • Templates for process and resource mapping tables: Spreadsheets to link business processes with specific assets, showing where data is physically and digitally processed.
Risk and fitness

Tools to support the systematic identification of events and circumstances that may adversely affect the organisation.

  • Catalogue of threats: Lists of threats (failures, attacks, human errors) specifically matched to asset types (different for a server, a laptop, an employee).
  • Risk scenario lists: Ready-made descriptions of event sequences (e.g. 'laptop theft leading to a data breach'), linking a threat with a vulnerability and its impact.
Security controls

Tools for assessing existing measures for the protection of personal data.

  • Prepared lists of collateral (technical and organisational): A catalogue of protective measures (e.g. encryption, procedures, training) assigned to assets, enabling quick identification of implemented elements.
Risk estimation

The heart of analysis is the tools that turn intuition into numbers.

  • Prepared impact assessment rocks for the likelihood: Parameterised assessment criteria that eliminate subjectivity (e.g. what exactly 'high' probability means).
  • Risk matrix templates: Heat maps visualising the level of risk and acceptability thresholds.
  • Templates of risk calculation tables: Spreadsheets automating the calculation of inherent risk (without controls) and residual risk (after controls have been implemented).
Integration of systems

Tools linking different legal requirements in a single process.

  • Integrated risk analysis scheme: A model enabling a single analysis to simultaneously meet the requirements of GDPR, ISO 27001 and NIS2.
  • Combined impact assessment models: Tables to assess the impact of a threat simultaneously on individual rights (GDPR), business continuity and information security (ISO 27001 / NIS2).
Module of AI

Support and security in the age of artificial intelligence.

  • List of AI tools: A summary of applications supporting risk analysis.
  • Overview of the threats posed by AI: A list of specific risks (e.g. hallucinations, bias) associated with the use of AI systems in a company.
  • "Human-in-the-loop" model: A procedure for safe working with AI, ensuring that the final decision is always made by a human (in accordance with the accountability principle).
Reporting and decisions

Documents closing the process and communicating with the business.

  • Report to the Management Board and presentation: Templates translating technical results into the language of business, finance and legal responsibility.
  • Model of risk management plan: A document specifying who, when and how will implement additional safeguards.
  • Model of risk acceptance cards: A formal document for signature by the Management Board, constituting evidence of familiarity with and acceptance of the risk.
Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.