Archives Glossary Terms

RAMS

Risk Assessment Method Statements. RAMS combine a risk assessment with safe systems of work or method statements that contractors must provide before working on many sites. Method statements detail how an activity will be carried out and should include consideration of…

ISMS

Information Security Management System. A structured system for managing the protection of information, often following ISO 27001; it may or may not be certified.

IS

Information System. Software or another system for collecting, storing and processing information.

InfoSec

Information Security. The practice of protecting information from unauthorised access and use.

SIRO

Senior Information Risk Owner. SIRO is a role used in Government Information Assurance and is particularly prominent in the NHS and wherever health data is handled; it is often combined with other job roles.

SIEM

Security Incident and Event Management. The process of using products and/or services to manage security information and security events, usually by providing real-time reporting and analysis of network activity.

PDCA

Plan, Do, Check, Act. The cycle implemented in a management system to drive continual improvement, based on the Deming Cycle.

CAPA

Corrective Action / Preventive Action. Actions taken to correct a non-conformance and prevent its recurrence. Note: Preventive Action has been replaced by a risk-based approach in Annex SL standards.

RR

Risk Register. A register that documents the potential risks identified, including the analysis of each risk (often involving scoring), the controls applied and ownership of the risk.

RA

Risk Assessment. The process through which risks are assessed and quantified; it can also include the identification and control process. Risk Assessment is used within Health & Safety, Information Security and Business Risk.