The College, as part of this Program, must implement an effective risk management strategy. Risk management is the ongoing process of identifying risks and implementing plans to address them. The risk is determined by considering the likelihood that known threats will exploit vulnerabilities and the impact they have on valuable assets. Sometimes the risk is expressed as a conceptual formula:_ Risk_ = Threat x Vulnerability x Impact.

• Sinclair’s risk management strategy involves three primary and continuous processes: asset inventory,
• risk analysis, and
• risk mitigation. 

College administration must identify and analyze reasonably foreseeable external and internal risks to the confidentiality, integrity, and availability of its information and information systems.  The IT Department will assist with developing tools and establishing procedures for identifying and analyzing such risks to relevant information and systems.