Читать книгу Risk Assessment - Marvin Rausand - Страница 193

A slightly different report structure is described in Chapter 5 of U.S. DOE (2004), and some valuable advice on writing an efficient report based on a risk assessment is given by IAEA (1994).

The report must always be written such that it can be reviewed, verified, and updated. After completion, the risk assessment report should be reviewed and factually validated by the company. It may also be beneficial to have a third‐party review before the results are used.

The risk assessment will sometimes cover deliberate actions and the system's vulnerability relative to these threats. It is then important to realize that notes, worksheets, and other documentation from the risk assessment will be sensitive data that should be kept confidential. This documentation must therefore be graded and kept confidential. Nothing makes a company more vulnerable than a vulnerability study that has gone astray.