Assessment Process

The corporate process for conducting Security Threat and Risk Assessments:

A flow chart depicting the ISRA process at a very high-level

Ministries may adapt their internal STRA processes; however, a Statement of Acceptable Risk (SoAR) must be completed, signed, and submitted to the Information Security Branch, OCIO Enterprise Services at the end of the process for the STRA to be considered complete. 

For questions please contact: