Overview
Lifecycle for Risk Items
Risk lifecycle goes like this:
- Risk is being vaguely defined - draft
- Details are added and risk is confirmed - identified
- Risk assessment is kicked off - under assessment
- Risk Calculation is finalized and risk value is determined - assessed
- Leo makes a decision about what to do next:
- There is no reason to discuss this risk, it is invalid, lacks reasoning, etc. unfounded
- Decides to accept the risk as-is - accepted
- Decides to transfer it to a vendor - transferred
- Makes a decision to avoid risk completely - avoided
- Decides to research/remediate it in the future and try to reduce it - remediate
- Leo is actively working on one of the risks - in remediation
Once remediation is completed, the risk is reassessed and can end up in the following state:
- Accepted
- Transferred
- Avoided