In order to ensure that an organisation is secure, the risks it is exposed to need to be understood. To demonstrate this senior managers need to be able to describe the risks posed to the organisation and explain how the risks and incidents are recorded, monitored and analysed. Senior managers should also be able to explain how the information collected is used to create a secure working environment.
Managers need to be able to explain the risks they face, and how incidents are recorded and monitored.
Employees should be able to explain what they need to do to report an incident and provide examples of when they have done this.
