For this module's project you will need to select a “project” to work on and complete a risk management plan for it. An example could be Payment Card Industry (PCI), a Windows 11 upgrade, or a project that your organization might be working on. You can use one of the examples below or use the internet. You may use Rasmussen Library, co-workers, external resources and the internet to assist with your completion of this template.

With this module's project, you are required to complete a risk assessment. You may choose your organization and add four new entries for each section. An example has been entered for each section. Those who may not have access to an employer will need to extend their research to Rasmussen Library, connections within the security realm, or the use of the Internet. Again, this project is for you to look at things differently and find potential issues and how they would be mitigated. Documentation should be submitted in APA format.

Risk Assessment Template

| Security Assessment | Potential Vulnerabilities | Security Mitigation |
|---|---|---|
| Physical | 1. Data Center is accessible to all employees | 1. Install badge reader to control access to employees that need access |
| Technical | 1. PHI is accessible without VPN | 1. Require remote users to log into VPN |
| Policies and Procedures | 1. Team performs ad hoc security measures | 1. Security Analysts conduct quarterly reviews of users’ activities |
| Organization Standards | 1. Business Associate agreements renewed and updated | 1. Review documents with internal legal counsel |


<organization name>

Risk Management Plan

Version <1.0>

<mm/dd/yyyy>

<Project Name> Risk Management Plan Template Version: <1.1> <Draft>


CDC_UP_Risk_Management_Plan_Template_v1.1.doc

VERSION HISTORY

[Provide information on how the development and distribution of the Risk Management Plan up to the final point of approval was controlled and tracked. Use the table below to provide the version number, the author implementing the version, the date of the version, the name of the person approving the version, the date that particular version was approved, and a brief description of the reason for creating the revised version.]

| Version # | Implemented By | Revision Date | Approved By | Approval Date | Reason |
|---|---|---|---|---|---|
| 1.0 | <Author name> | <mm/dd/yy> | <name> | <mm/dd/yy> | Initial Risk Management Plan draft |
| 1.1 | <Author name> | <mm/dd/yy> | <name> | <mm/dd/yy> | <reason> |

Note to the Author

[This document is a template of a Risk Management Plan document for your organization. The template includes instructions to the author, boilerplate text, and fields that should be replaced with the values specific to the project.

· Red italicized text enclosed in square brackets ([text]) provides instructions to the document author, or describes the intent, assumptions and context for content included in this document.

· Red italicized text enclosed in angle brackets (<text>) indicates a field that should be replaced with information specific to a particular project.

· Text and tables in black are provided as boilerplate examples of wording and formats that may be used or modified as appropriate to your organization. These are offered only as suggestions to assist in developing project documents; they are not mandatory formats.

When using this template for your organizational document, it is recommended that you follow these steps:

1. Replace all text enclosed in angle brackets (i.e., <Project Name>) with the correct field values. These angle brackets appear in both the body of the document.

2. To update the Table of Contents, right-click and select “Update field” and choose the option “Update entire table”.

3. Before submission of the first draft of this document, delete this “Notes to the Author” page and all instructions to the author, which appear throughout the document as blue italicized text enclosed in square brackets.]

TABLE OF CONTENTS

1 Introduction

1.1 Purpose Of The Risk Management Plan

2 Risk Management Procedure

2.1 Process

2.2 Risk Identification

2.3 Risk Analysis

2.3.1 Qualitative Risk Analysis

2.3.2 Quantitative Risk Analysis

2.4 Risk Response Planning

2.5 Risk Monitoring, Controlling, And Reporting

3 Tools And Practices

Risk Management Plan Approval

Appendix A: References

Appendix B: Key Terms

INTRODUCTION

Purpose Of The Risk Management Plan

[Provide the purpose of the Risk Management Plan.]

A risk is an event or condition that, if it occurs, could have a positive or negative effect on a project’s objectives. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks. This Risk Management Plan defines how risks associated with your <Project Name> will be identified, analyzed, and managed. It outlines how risk management activities will be performed, recorded, and monitored throughout the lifecycle of the project and provides templates and practices for recording and prioritizing risks.

Risk Management Procedure

Process

[Summarize the steps necessary for responding to project risk.]

The project manager working with the project team and project sponsors will ensure that risks are actively identified, analyzed, and managed throughout the life of the project. Risks will be identified as early as possible in the project so as to minimize their impact. The steps for accomplishing this are outlined in the following sections. The <project manager or other designee> will serve as the Risk Manager for this project.

Risk Identification

Risk identification will involve the project team, appropriate stakeholders, and will include an evaluation of environmental factors, organizational culture and the project management plan including the project scope. Careful attention will be given to the project deliverables, assumptions, constraints, WBS, cost/effort estimates, resource plan, and other key project documents.

A Risk Management Log will be generated and updated as needed and will be stored electronically in the project library located at <file location>.

Risk Analysis

All risks identified will be assessed to identify the range of possible project outcomes. Qualification will be used to determine which risks are the top risks to pursue and respond to and which risks can be ignored.

Qualitative Risk Analysis

The probability and impact of occurrence for each identified risk will be assessed by the project manager, with input from the project team using the following approach:

Probability

· High – Greater than <0%> probability of occurrence

· Medium – Between <0%> and <0%> probability of occurrence

· Low – Below <0%> probability of occurrence

Impact

· High – Risk that has the potential to greatly impact project cost, project schedule or performance

· Medium – Risk that has the potential to slightly impact project cost, project schedule or performance

· Low – Risk that has relatively little impact on cost, schedule or performance

Figure: Probability/Impact matrix (vertical axis: Impact, H / M / L; horizontal axis: Probability, L / M / H)

Risks that fall within the RED and YELLOW zones will have risk response planning which may include both a risk mitigation and a risk contingency plan.

Quantitative Risk Analysis

Risk events that have been prioritized using the qualitative risk analysis process will be analyzed and their effect on project activities estimated. A numerical rating will be applied to each risk based on this analysis and then documented in this section of the risk management plan.

Risk Response Planning

Each major risk (those falling in the Red & Yellow zones) will be assigned to a project team member for monitoring purposes to ensure that the risk will not “fall through the cracks”.

For each major risk, one of the following approaches will be selected to address it:

· Avoid – eliminate the threat by eliminating the cause

· Mitigate – Identify ways to reduce the probability or the impact of the risk

· Accept – Nothing will be done

· Transfer – Make another party responsible for the risk (buy insurance, outsourcing, etc.)

For each risk that will be mitigated, the project team will identify ways to prevent the risk from occurring or reduce its impact or probability of occurring. This may include prototyping, adding tasks to the project schedule, adding resources, etc.

For each major risk that is to be mitigated or that is accepted, a course of action will be outlined for the event that the risk does materialize in order to minimize its impact.

Risk Monitoring, Controlling, And Reporting

The level of risk on a project will be tracked, monitored and reported throughout the project lifecycle.

A “Top 10 Risk List” will be maintained by the project team and will be reported as a component of the project status reporting process for this project.

All project change requests will be analyzed for their possible impact to the project risks.

Management will be notified of important changes to risk status as a component to the Executive Project Status Report.

Tools And Practices

A Risk Log will be maintained by the project manager and will be reviewed as a standing agenda item for project team meetings.

Risk Management Plan Approval

The undersigned acknowledge they have reviewed the Risk Management Plan for the <Project Name> project. Changes to this Risk Management Plan will be coordinated with and approved by the undersigned or their designated representatives.

[List the individuals whose signatures are desired. Examples of such individuals are Business Steward, Project Manager or Project Sponsor. Add additional lines for signature as necessary. Although signatures are desired, they are not always required to move forward with the practices outlined within this document.]

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

APPENDIX A: REFERENCES

[Insert the name, version number, description, and physical location of any documents referenced in this document. Add rows to the table as necessary.]

The following table summarizes the documents referenced in this document.

| Document Name and Version | Description | Location |
|---|---|---|
| <Document Name and Version Number> | [Provide description of the document] | <URL or Network path where document is located> |

APPENDIX B: KEY TERMS

[Insert terms and definitions used in this document. Add rows to the table as necessary. Follow the link below for definitions of project management terms and acronyms used in this and other documents.]

The following table provides definitions for terms relevant to the Risk Management Plan.

| Term | Definition |
|---|---|
| [Insert Term] | [Provide definition of the term used in this document.] |
| [Insert Term] | [Provide definition of the term used in this document.] |
| [Insert Term] | [Provide definition of the term used in this document.] |