Criticality

Asset Value    Abbreviation    Definition
Very High      VH              76-100
High           H               51-75
Medium         M               26-50
Low            L               0-25
Based on the BIA submitted by the Information Security Office, the critical processes at 1 hour of downtime are the following:
Department/Units: IT Department
2. Risk Type
[ ] People/Personnel
[X] Software
[ ] Information
[ ] Process
Estimated Criticality if not done in 4 hours (intangible and tangible): 51.25% High
Estimated Impact Value (Tangible and Intangible): P2,000,000 - P3,999,999
[Figure: risk matrix of Probability against Severity / Impact; cell labels include Monitor, Mitigate, Manage and Moderate Risk, with (DL) and (OPCOM) annotations]
Risk Treatment
1. Tolerate Risk – CSBI may tolerate a risk if both its impact and its probability are low, provided that the risk is residual and not inherent.
Threshold:
Quantifiable Risk: P100,000 below cost impact to the bank, but not recurring
Qualitative Risk: Reputation risk or impact to CSBI business is low
2. For Monitoring – Risk Management shall coordinate with the concerned line department for early mitigation.
Threshold:
Quantifiable Risk: P101,000 - P1,999,999 cost impact to the bank and not recurring
Qualitative Risk: Reputation risk or impact to CSBI business is moderate
3. Monitor and Mitigate Risk – If the overall impact is high and the event is recurring, RMD shall monitor and mitigate the risk by sending a memo and informing the OPCOM regarding the risk (for action item to OPCOM).
Threshold:
Quantifiable Risk: P2,000,000 - P3,999,999 cost impact to the bank with occasional recurrence (i.e. at least once a month recurrence)
Qualitative Risk: Reputation risk or impact to CSBI business is high
4. Substantial Risk Management Required – The risk shall be reported immediately to the management as an action item for board approval. Management is to formulate enhanced policies and procedures to treat the risk.
Threshold:
Quantifiable Risk: Exceeding P4,000,000 cost impact to the bank with frequent recurrence (i.e. habitual and more than twice a month occurrence)
Qualitative Risk: Reputation risk or impact to CSBI business is high