This checklist aims to ensure that when a new project is initiated which involves sharing or distributing
information online, we have properly assessed and mitigated risk where possible, and that there is senior
acknowledgement and support for the level of risk we are accepting.
• Please fill in what you can – it’s OK to leave blanks, but please use these as a prompt to discuss the
issue with relevant colleagues in DIUS
• If you have taken some steps to mitigate risks, describe them here
• Think carefully about the potential impact of information being revealed, lost or defaced: could it
cause real harm to DIUS’ reputation or operation, or simply short term embarrassment?
• Importantly, please ensure this assessment is discussed with the senior sponsor for the project, so
they are aware of the proposed approach and risk mitigation in place.
3. Who are the intended audiences? e.g. internal DIUS staff, limited to trusted external stakeholders,
open to wider public etc
4. How long will it run for? e.g. between specific dates, indefinitely etc
5. How will using this method of sharing information benefit the project?
7. How will access to the information be controlled – who will have access to administer the tool or
website, manage users etc?
Information risk
8. What would the impact be if the information were revealed publicly? If the information is confidential
or commercially sensitive, please give details
9. What would the impact be if the information were changed without authorisation or defaced
maliciously?
10. What would the impact be if the information were not available for an extended period?
DRAFT
Technical details
11. What technology are you planning to use? i.e. name of web-based tools etc
12. Where will the information be hosted/stored? Do you know if the tool/provider is UK-based?
14. Who is able to provide technical advice on the tool and maintain it in future?
15. What do you have in place to back up the information in the short term, and archive it long term for
the future if appropriate?
a. Ministerial sponsor/owner:
e. Others involved:
17. Has the tool/service been bought according to DIUS procurement rules?
18. Have you discussed this project with the following? (n.b. it may be OK if you haven’t, but please
indicate if you have)
g. DIUS IT Unit
h. Press Office
What next?
Thanks for completing this assessment. You should discuss it with the relevant colleagues listed above as
appropriate, to ensure they are aware and comfortable with the approach you have taken. For your own
records, you should keep this assessment with your other project files.
If you have any questions about this assessment, or would like to get advice or help on this project,
please contact XXXXXXXX