If you’ve been involved with an organization’s security risk assessment, you’ve probably heard “Position Risk Designation” mentioned. Even better, you may have been involved in building or outlining your organization’s risk designations. We’re going to review what Position Risk Designation entails and how it can keep all departments involved with onboarding on the same page.
Position Risk Designation means looking at each position in your organization and assigning a risk level to that position. The more sensitive information the position has access to, the higher the risk.
So where to start?
- Compile a list of all organizational positions
- Under each position, list their:
  - Screening process
  - Information systems to which they have/need access and level of access within sensitive information systems
  - Physical areas to which they have/need access
- Review the positions and access levels
- Create a ranking system that works for your organization (1 being low risk and 5 being high risk)
- Assign each position a risk level number
- Formally adopt this ranking system and document as your Position Risk Designation Policy and Procedure
- Make the Position Risk Designation document available to appropriate departments
- Review document periodically for changes and updates
As you can see, this document can be helpful for a number of departments when it comes to onboarding or transfers. Listing each position’s screening level will create a consistent checklist of appropriate screenings for each position. Having a formal document of each position’s level of access will help security, IT, or HR keep track of appropriate access for badges, physical keys, and information systems.
Work with the involved departments on your Position Risk Designation documents to keep your organization’s procedures consistent and everything running smoothly!