Risk Management
Skill packages tagged with “Risk Management”
Business Impact Analysis (BIA)
Conduct structured Business Impact Analyses per ISO 22301. Guides interviews, maps process dependencies, determines RTO/RPO targets, and validates consistency across the dependency chain with automated tools that flag timing conflicts and circular dependencies.
Change Order Impact Analyzer
Trace the technical impact of a proposed specification change across all related sections, disciplines, and procurement items to prevent cascading contradictions.
CMMI-DEV Risk Management
Draft CMMI-DEV Risk Management (RSKM) deliverables: risk management plan and risk register for ML3.
Ecosystem Risk Ranker (CISA CPG 4.1)
Map and rank external dependencies (SaaS, cloud, utilities) essential to a Critical Service. Assigns criticality scores by impact of vendor outage on mission and validates vendor uptime SLAs against the organization's Maximum Allowable Downtime (MAD). Aligned with CISA CPG 4.1 Critical Service Dependency Map.
ISO 14971 Risk File Author
Guided elaboration of a risk management file for medical devices per ISO 14971: hazard identification, risk analysis, risk control, residual risk acceptability, and benefit–risk rationale. Flags risks above acceptability thresholds that lack a control or justification.
ISO 17025 Risk, Opportunity & Corrective Action Management
Identify and manage laboratory risks and opportunities per ISO/IEC 17025:2017 Clauses 8.5–8.7. Produces a scored risk register, corrective action procedure with root cause analysis, and CAPA tracking log. Risk register validator checks entry completeness and scoring; corrective action tracker validates procedure elements from trigger through effectiveness verification.
ISO 27001 Risk Assessment
Complete ISO 27001:2022 risk assessment workflow covering methodology definition, risk identification using a 12-category threat taxonomy, risk analysis with 5×5 matrix scoring, treatment planning with Annex A control mapping, and residual risk validation. Produces auditor-ready risk methodology, risk register, treatment plan, and acceptance forms per Clause 6.1.2 and 6.1.3.
ISO 42001 AI Risk Register
Draft and validate the AI risk register for ISO/IEC 42001:2023 with ownership, treatment, and residual risk.
ITIL 4 Risk Management
Draft and maintain ITIL 4 Risk Management practice documentation and artifacts aligned to the Service Value System.
MaRisk Risk Management Handbook
Creates and reviews risk management handbooks for financial institutions in Germany in accordance with MaRisk (BaFin). Supports the complete elaboration of all MaRisk modules (AT, BT, BTR), conformity checks, and identification of documentation gaps.
MDevSPICE Software Risk Management Process
Document and evidence the software risk management process per IEC 62304 and MDevSPICE: risk management plan, risk analysis, risk control, risk review, production and post-production monitoring.
NIS2 Governance & Risk Management
Document management body accountability and cybersecurity risk management measures per NIS2 Directive Art. 20-21. Covers all 11 mandatory measures (a)-(k), governance approval workflows, and management training obligations. Produces a governance and risk management report with measure-by-measure coverage analysis.
NIST CSF Profile Author
Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.
Risk & Control Self-Assessment (RCSA)
RCSA support aligned with COSO and Basel III. Front-line managers document risks and control effectiveness; the skill scores control strength (Automated > Manual, Preventative > Detective) and identifies optimistic bias where residual risk is low despite weak controls or thin descriptions.
Risk Register ISO 31000
Guided elaboration of an ISO 31000:2018-aligned risk register: organizational context, risk criteria (likelihood/impact scales and appetite), structured register entries with cause, existing controls, consequence, treatment, residual risk, implementation deadline and owner, plus automated validation of completeness and L × I consistency.
SFCR Solvency II (Pillar 3)
Supports preparation and review of the Solvency and Financial Condition Report (SFCR) for EU insurance and reinsurance undertakings under Solvency II Pillar 3, including QRT consistency checks and MCR/SCR ratio validation.
State Claims Risk Management
Draft and validate Risk Management reports for state-insured entities (hospitals, prisons) in Ireland under the State Claims Agency (SCA/NTMA). Ensures expected sections, tags Protected Disclosure and LPP content, and aligns with NIMS incident reporting.
Third-Party Risk Assessment (TPRA)
Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 and GDPR Article 28, with automated tools that flag unsupported vendor claims, expired reports, and bridge-letter gaps.