Skip to main content

Send your risk documents to the GCDO

Send your completed questions from the risk assessment tool and signed endorsement form to the Government Chief Digital Officer (GCDO).

  1. 1

    Collect: your answers to the risk discovery tool

    These are the questions that you’ve answered and recorded in either:

    You do not need to include answers to the risk discovery, questions 28 to 105, if the person at the right level of reporting:

    • approved the risk of incomplete information
    • documented this decision in your risk assessment.
  2. 2

    Collect: the approval of the risk assessment

    A person at the right reporting level in your organisation needs to sign off on the risk assessment.

    Check who can approve the risk level

    Sign-offs can be done using either:

  3. 3

    Classify your risk documents

    Use the right classification level and make sure it’s visible for each document.

    The risk assessment tool and endorsement form’s classifications might be different from the information being used in the public cloud service.

  4. 4

    Send your documents to the GCDO

    For reporting and sharing guidance about public cloud services, Cabinet requires government organisations to send their signed endorsement forms and completed questions from the risk assessment tool to

    The GCDO does not endorse the sign-offs by government organisations.

  5. 5

    Final step — use your risk assessment

    Put your risk assessment to:

    • immediate use — add your information’s security controls to your organisation’s risk registers
    • ongoing use — work with your organisation’s security and information technology teams to schedule future reviews.

    Final step — Use your risk assessment

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated