Perspective at a glance

Key facts

Two axes: risk management and business continuity
12 criteria measuring digital risk management and BCP maturity
Requires an up-to-date digital risk register and documented response plans
Includes business continuity plans with periodic testing and disaster recovery

Risk Management

Identifying, assessing, and mitigating digital risks that may impact DT initiatives and government services.

Business Continuity

Ensuring critical government services continue during emergencies through tested continuity and recovery plans.

Assessment criteria

The perspective includes 12 criteria across the two axes to assess risk management and BCP maturity.

Axis	Criterion	Description
Risk Management	Risk management framework	Adopting an approved framework for digital risk management
Risk Management	Risk register	Creating and maintaining a digital risk register with all identified risks
Risk Management	Risk assessment	Periodic assessment of likelihood and impact of identified risks
Risk Management	Treatment plans	Developing treatment and response plans for each identified risk
Risk Management	Monitoring and reporting	Continuous risk monitoring and periodic management reports
Risk Management	Risk culture	Raising awareness of risk management importance across the entity
Business Continuity	Business impact analysis	Identifying critical processes and assessing the impact of disruption
Business Continuity	Business continuity plan	Preparing a plan to maintain continuity of critical services during disruptions
Business Continuity	Disaster recovery plan	Developing technical recovery plans to restore systems and data
Business Continuity	Periodic testing	Conducting regular exercises and tests of continuity plans
Business Continuity	Crisis management	Establishing a crisis management team and escalation procedures
Business Continuity	Review and update	Reviewing and updating continuity plans based on lessons learned

Self-assessment steps

Review risk framework
Verify that an approved framework exists with an up-to-date risk register and effective treatment plans.
Evaluate continuity plans
Examine BCP and disaster recovery plans and their coverage of critical services.
Review testing
Confirm periodic exercises and tests are conducted with documented results and lessons learned.
Build improvement plan
Identify gaps in risk management and continuity and set improvement priorities.

Risk management and business continuity protect the digital transformation journey from disruption. An updated risk register and tested continuity plans ensure government services remain available even under the most challenging circumstances.

Information Technology

Infrastructure, systems, and cybersecurity.

Operations

Designing work procedures and internal operations.

Standards Overview

Document goals and DGA role.

Perspective at a glance

Key facts

Two axes: risk management and business continuity
12 criteria measuring digital risk management and BCP maturity
Requires an up-to-date digital risk register and documented response plans
Includes business continuity plans with periodic testing and disaster recovery

Risk Management

Identifying, assessing, and mitigating digital risks that may impact DT initiatives and government services.

Business Continuity

Ensuring critical government services continue during emergencies through tested continuity and recovery plans.

Assessment criteria

The perspective includes 12 criteria across the two axes to assess risk management and BCP maturity.

Axis	Criterion	Description
Risk Management	Risk management framework	Adopting an approved framework for digital risk management
Risk Management	Risk register	Creating and maintaining a digital risk register with all identified risks
Risk Management	Risk assessment	Periodic assessment of likelihood and impact of identified risks
Risk Management	Treatment plans	Developing treatment and response plans for each identified risk
Risk Management	Monitoring and reporting	Continuous risk monitoring and periodic management reports
Risk Management	Risk culture	Raising awareness of risk management importance across the entity
Business Continuity	Business impact analysis	Identifying critical processes and assessing the impact of disruption
Business Continuity	Business continuity plan	Preparing a plan to maintain continuity of critical services during disruptions
Business Continuity	Disaster recovery plan	Developing technical recovery plans to restore systems and data
Business Continuity	Periodic testing	Conducting regular exercises and tests of continuity plans
Business Continuity	Crisis management	Establishing a crisis management team and escalation procedures
Business Continuity	Review and update	Reviewing and updating continuity plans based on lessons learned

Self-assessment steps

Review risk framework

Verify that an approved framework exists with an up-to-date risk register and effective treatment plans.

Evaluate continuity plans

Examine BCP and disaster recovery plans and their coverage of critical services.

Review testing

Confirm periodic exercises and tests are conducted with documented results and lessons learned.

Build improvement plan

Identify gaps in risk management and continuity and set improvement priorities.

Risk & Business Continuity

Perspective at a glance

Key facts

Assessment criteria

Self-assessment steps

Information Technology

Operations

Standards Overview

Risk & Business Continuity

Perspective at a glance

Key facts

Assessment criteria

Self-assessment steps

Information Technology

Operations

Standards Overview

Perspective at a glance

Key facts

Assessment criteria

Self-assessment steps

Related topics

Information Technology

Operations

Standards Overview

Perspective at a glance

Key facts

Assessment criteria

Self-assessment steps

Related topics

Information Technology

Operations

Standards Overview