OT Risk Assessment Methodologies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
Hi Experts,
Anyone configured Risk Assessment Methodologies to assess OT Risks?
The methodology should compramise with Business Impact Assessment (not BIA in BCM module) and Control Assessment.
BIA is asking the the consequence types such as Business Interruption, Environmental, Health, Safety & Security and the Impact Rating to be provided from 1-5. Based on this Target Security Level (TSL1, TSL2, TSL3 or TSL4) to be updated.
In control assessment, every control should have ASL value (which populated from the answers received for Control Attestation). In addition to that, Control Effectiveness also will be selected by Assessor.
The Risk Rating to be populates from BIA and Control Assessment.
Any idea or any one aleady configured RAM for these kind of scenarios?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 weeks ago
You can configure risk assessment methodologies in ServiceNow Advanced Risk to model OT risk in the way you described (business impact + control assessment), using the Risk Assessment Methodology form to define consequence types, impact rating scales, and control assessment questions, and then customizing your risk evaluation scripts or factors so the residual risk/risk rating is computed only when control efficacy and BIA inputs exist.....
If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.
Kaushal Kumar Jha - ServiceNow Consultant - Lets connect on Linkedin: https://www.linkedin.com/in/kaushalkrjha/
