Assessment Process

Corporate processes for the CSRA, DSRA, and MSRA sub-types of Security Threat and Risk Assessment (STRA) will be published in the future. In the interim, the OCIO Information Security Branch is happy to consult and provide guidance on approaches on a case-by-case basis. You can contact our “front door” at

A corporate process has been published for the ISRA sub-type of STRA. Below is the process at a very high level:

A flow chart depicting the ISRA process at a very high level

A detailed version of the ISRA process has also been published. 

Detailed ISRA Process

Ministries and agencies have a reasonable level of autonomy and flexibility within each of the stages in the ISRA process and are expected to leverage the corporate process to deliver on the required outputs as defined. Optional tools and templates have been provided.

Ministries and agencies are welcome to use their own tools or templates as long as the required outputs occur in a format acceptable to the Government Chief Information Officer (GCIO).

Government of BC employees can learn more about STRAs and their sub-types on the intranet page for Security Threat and Risk Assessments.