Risk Assessment
Risk assessment and risk handling
Conexus has a risk-based approach to our operation. Procedures for risk assessment and risk handling are established.
Risks can be associated with all management systems in the Conexus Quality Management System.
Risk assessments shall be carried out periodically for all critical processing. There is a need for additional risk assessment in case of major changes in our operating environment.
All actions identified in the risk assessments must be followed up closely by the manager, product- or system owner. High-risk items shall be reported to CISO.
Risk assessments are internal confidential documents.
Risk willingness
Conexus risk management is based on business assessments and compliance with applicable laws. In general, risk willingness falls into the following categories:
Risk category | Risk willingness |
---|---|
Information security and privacy | Very low |
Key Business Processes | Based on the potential business impact |
HMS | Low |
Environment and Sustainability | Low |
Risks that conflict with applicable lawa are to be avoided.