Personnel Security

PER004

Risk assessment for personnel security

Carry out a risk assessment for personnel security so your organisation can make good decisions about the security measures you need to manage your risks.

Implementing the right personnel security measures can help you prevent or deter a wide variety of activities, from staff fraud through to acts of violence or espionage.

A risk assessment helps security managers communicate to senior leadership about the personnel security risks your organisation is exposed to.

Carrying out an effective risk assessment

Your risk assessment process should enable you to identify the risks associated with each role in your organisation, and the security controls you should use at each stage of the personnel lifecycle.

To carry out a risk assessment for personnel security:

  1. Identify what critical information and assets your organisation holds.
  2. Identify the threats to your information and assets (based on the role, intent, and capability of those who could carry out the threats).
  3. Assess the likelihood of the threats happening in your organisation.
  4. Assess the impact to your organisation if the threats happened.
  5. Review your existing security countermeasures for the threats — are they likely to be effective?
  6. Propose new measures to reduce your security risks (if necessary).

Factor the results into your risk assessment.

Carry out a risk assessment for personnel security every two years in line with the following standards available from Standards New Zealand.

Page last modified: 4/05/2022

Supporting documents