Corporate processes for ASRA, CSRA, and MSRA Security Threat and Risk Assessment (STRA) sub-types will be published in the future. In the interim, OCIO Information Security Branch is happy to consult and provide guidance on approaches on a case-by-case basis. You can contact our “front door” at InfoSecAdvisoryServices@gov.bc.ca
A corporate process has been published for the ISRA sub-type of STRA. Below is the process at a very high-level:
A detailed version of the ISRA process has also been published.