Analysing likelihood and severity

To assess whether something is a real risk, it is important that you evaluate the likelihood and the severity of the impact.

You can do this by completing a risk matrix and assigning a risk score. For those concerns that rate above a certain level, you should then consider introducing minimising actions.

When completing the risk matrix you should remember:

  1. Likelihood and severity scores can differ vastly even with the same risk impact. For example, "damage to organisation's reputation" could vary depending on the nature of the risk and its context in the organisation.
  2. Severity can vary widely depending on the organisation's attitude towards the risk. For example, is sharing poor-quality data, which is often likely because of errors in the way it was collected, actually high in severity?

What are the risks of NOT sharing data?
  • discrimination against people or groups
  • damage to organisation's reputation
  • organisation being fined for breaking the law

When building a risk assessment, you should always consider the impact of both sharing and not sharing data, and take a balanced approach.

Risk matrix (severity x likelihood)