
Table 2: Risk impact guidance

some difficulty

| GRADE | CARDHOLDER DATA | CUSTOMER IMPACT | FINANCIAL IMPACT | HEALTH & SAFETY | IMPACT ON REPUTATION | LEGAL IMPACT |
|---|---|---|---|---|---|---|
| 4. High | Compromise of small to medium amounts of sensitive CHD | Business is crippled in key areas | Severe effect on income and/or profit | Significant danger to life | High | Operating illegally in some areas |
| 5. Very high | All sensitive CHD compromised, resulting in fines or external investigation | Out of business; no service to customers | Crippling; the organization will go out of business | Real or strong potential loss of life | Very High | Severe fines and possible imprisonment of staff |
2.6.3 Risk classification
Based on the assessment of the grade of likelihood and impact, a score is calculated for each risk by multiplying the two numbers. This resulting score is then used to decide the classification of the risk based on the matrix shown in figure 2. Each risk will be allocated a classification based on its score as follows:
• High: 12 or more
• Medium: five to ten inclusive
• Low: One to four inclusive
[Note – you may decide to change the definition of high, medium and low classifications based on your general risk appetite e.g. you may decide that only risks with a score of 16 or more will be classified as high.]
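The scoring rule in 2.6.3 can be checked mechanically. The following is an added example, not part of the original template: it classifies a risk from its two grades and verifies that the chosen bands cover every score the multiplication can produce. It assumes likelihood and impact are both graded 1 to 5; the function names and the grid orientation are illustrative.

```python
from itertools import product

GRADES = range(1, 6)  # assumption: likelihood and impact are both graded 1-5

# Bands from section 2.6.3: (name, lowest score, highest score), inclusive.
DEFAULT_BANDS = [("Low", 1, 4), ("Medium", 5, 10), ("High", 12, 25)]


def reachable_scores(grades=GRADES):
    """Every score that likelihood x impact can actually produce."""
    return sorted({l * i for l, i in product(grades, repeat=2)})


def classify(likelihood, impact, bands=DEFAULT_BANDS):
    """Return the band name for a risk, or None if no band covers its score."""
    if likelihood not in GRADES or impact not in GRADES:
        raise ValueError("grades must be integers from 1 to 5")
    score = likelihood * impact
    for name, low, high in bands:
        if low <= score <= high:
            return name
    return None


def uncovered_scores(bands=DEFAULT_BANDS):
    """Reachable scores that fall outside every band (a gap in the scheme)."""
    return [s for s in reachable_scores()
            if not any(low <= s <= high for _, low, high in bands)]


def matrix(bands=DEFAULT_BANDS):
    """5x5 grid of band names; rows are impact 5..1, columns likelihood 1..5
    (orientation chosen for this example)."""
    return [[classify(l, i, bands) for l in GRADES] for i in reversed(GRADES)]


if __name__ == "__main__":
    for row in matrix():
        print(" ".join(f"{cell:<6}" for cell in row))
    # Raising only the High threshold to 16, as the note allows, leaves
    # scores 12 and 15 in no band unless Medium is widened as well.
    raised = [("Low", 1, 4), ("Medium", 5, 10), ("High", 16, 25)]
    print("unclassified after raising High to 16:", uncovered_scores(raised))
```

The default bands leave no reachable score unclassified, because 11 cannot be the product of two grades between 1 and 5. Any change to the thresholds should be re-run through `uncovered_scores` before the matrix is adopted.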