Threat

Your organisation will need to determine who they feel the most likely threat adversary is. This decision should consider the business process of IT Asset recovery only and whether you feel this is a specific threat vector which has actors seeking to exploit any other purpose.

Risk Appetite

ISO 31000 Risk Management refers to risk appetite as the “Amount and type of risk that an organisation is prepared to pursue, retain or take”.

An organisation should take a considered review of IT asset recovery when deciding their risk appetite as there are many functions which can be a source of risk and so the operational countermeasures can be significant and therefore increase the cost in providing the service.

Categories of Data

Please select the categories of data that will be processed / erased by ourselves as part of the IT asset recovery process, these are aligned to the categories within UK GDPR

Volume of Data

As our asset recovery service is focussed on storage media the organisation will need to identify the overall capacity of storage media being presented for erasure.

Business Impact

Your organisation needs to consider the business impact which a data breach would have on your business. This will be dependent on the type of business, the scale of operations, the profile the business has, and of course, the type of data being processed.

Scope

You should state the Scope which this Dial rating can be used, is it for a particular collection, particular site or companywide.

Valid to date

Please input a date you wish this DIAL rating to be valid to. There is no minimum or maximum timeframe we recommend for this, we suggest it is aligned to internal review dates.