Risk management process

The Dastra risk management process is a simplified version of the eBios Risk Manager model and ISO 27005 risk assessment methodology. Manage your risks in 4 steps Risk management is a four-step process.

1. Identification The aim of risk identification is to determine the events likely to occur, causing a feared event (such as a loss), and to provide an overview of how, where and when this event could occur.

2. Assessment Risk is assessed positively or negatively according to the level of impact the feared event presents, and the likelihood of it occurring, based on the threats that enable it.

3. Processing Risk management consists of responding to a risk. This can be of several kinds: risk reduction: measures must be implemented to reduce the risk risk acceptance: the organization accepts the risk as it is, without taking any measures to reduce it risk avoidance: the risk prevents the activity in question from being carried out risk transfer: the risk weighing on the organization can be transferred to another organization (via insurance, for example) risk-taking: the risk should be subject to mitigation measures, but the organization agrees not to implement them.

4. Monitoring Once the risk has been addressed, it is under control. This must be regularly reviewed and reassessed to take account of changes in the risk. In particular, when setting up control points.

Finally, archive your risks once they have disappeared, to keep a record of them.

The special feature of the Dastra risk management process is that it enables you to update your risk assessment in near-real time, based on the results of your control points.