Assessment Process

Corporate processes for ASRA, CSRA, and MSRA Security Threat and Risk Assessment (STRA) sub-types will be published in the future.  In the interim, OCIO Information Security Branch is happy to consult and provide guidance on approaches on a case-by-case basis.  You can contact our “front door” at

A corporate process has been published for the ISRA sub-type of STRA.  Below is the process at a very high-level:

A flow chart depicting the ISRA process at a very high-level

A detailed version of the ISRA process has also been published. 

Detailed ISRA Process