
Mitigate your Risks

Last Updated 14 September 2017

5. Mitigate your Risks

Risk mitigation is the plan of specific actions your organisation will take following completion of the risk assessment. Your mitigation measures or actions should focus on the threats specific to your organisation’s critical assets, taking into account the amount of risk you are willing to accept.

Ensure your risk mitigation measures cover personnel, cyber/information and physical security, and that you are clear about how these actions will reduce risk. You will need to address the following questions:

  • Who owns your risk mitigation measures information? How often is it reviewed and updated?
  • Do your mitigation measures document the tasks that will be required to manage threats and the individuals that will be responsible for these tasks?
  • How are your mitigation measures communicated to key staff, contacts and stakeholders?
  • Do your measures include timescales for business recovery and required resources? Do they keep pace with technological advances?

CPNI guidance and information is available via the links below:




