Risk management is considered a key cultural objective of Ballpark as an organisational structure. In achieving this the organisation should treat:

The Risk Management Policy and its supporting controls, processes and procedures apply to all individuals who have access to Ballpark's information and technologies, including external parties that provide information processing services to Ballpark.

Ballpark's CTO is considered the chair of the SANS Team and has accountability to the CEO and Ballpark Board for managing risk.

The SANS team will direct the risk benchmarking for the organisation and review the information risk register. They will be involved in assessing and reviewing High risks via the SANS team review sessions.

The CTO is responsible to the CEO and Board for managing the risk assessment process and maintaining an up-to-date risk register. The Data Protection Officer and COO will conduct risk assessments and recommend action for Medium and Low risks, where these can be clearly defined in terms of the Ballpark's base benchmark for risk.

The SANS team is responsible for assessing and reviewing High risks, and will have visibility of the risk register.

Information Asset Owners and department managers must be responsible for agreeing and implementing appropriate treatments to risks under their control. They must also take an active role in identifying and reporting new risks.

CTO: Brendan Moore - [email protected]
COO: Kelsey Traher - [email protected]
SANS Team: [email protected]
​
Our Risk Management Policy sits alongside our Security Policy, Data Management Policy and Data Protection Policy to provide the high-level outline of and justification for Ballpark's risk-based information security controls.

Author: Kelsey Traher, COO

Date of change: May 2022

Summary of changes: Reviewed for accuracy; minor changes

Author: Brendan Moore, CTO

Date of change: Oct 2019

Summary of changes: Initial externalised policy document, outlining Ballpark's internal risk management processes